|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2020-11-13 10:42 UTC] cmb@php.net
-Status: Open
+Status: Suspended
[2020-11-13 10:42 UTC] cmb@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Tue Apr 23 09:01:27 2024 UTC |
Description: ------------ sprintf, vsprintf etc have numerous different specifiers for numbers, but only a single generic 'string' option for strings with %s. It would be useful to have additional options for escaping values, for example with URL encoding or HTML escaping. You might say that you can achieve this by applying escaping functions to the variables you pass in, which is correct, but in the interests of DRY, it's much tidier if the printing function can do this itself - and after all there is a clear precedent in the form of all the numeric options for which you could say the same. It might be interesting to provide SQL escaping specifiers, since PDO doesn't provide a complete implementation for this, thoughit may be difficult to pass in a connection reference in a clean way. Test script: --------------- The current implementation looks like this: echo sprintf('<a href="%s?linkname=%s">%s</a>', 'myscript.php', rawurlencode('> my link'), htmlentities('> my link', ENT_QUOTES)); Assuming the %h specifier applies URL-encoding, and the %H specifier applies HTML escaping: echo sprintf('<a href="%1$s?linkname=%2$h">%2$H</a>', 'myscript.php', '> my link'); Result: <a href="myscript.php?linkname=%3E%20my%20link">> my link</a>