db_printf(): add %$ (not encoded) param

author Jason Woofenden <jason@jasonwoof.com>

Sun, 10 Apr 2011 01:56:54 +0000 (21:56 -0400)

committer Jason Woofenden <jason@jasonwoof.com>

Sun, 10 Apr 2011 01:57:00 +0000 (21:57 -0400)
author Jason Woofenden <jason@jasonwoof.com>
Sun, 10 Apr 2011 01:56:54 +0000 (21:56 -0400)
committer Jason Woofenden <jason@jasonwoof.com>
Sun, 10 Apr 2011 01:57:00 +0000 (21:57 -0400)
diff --git a/db.php b/db.php

index 8ce6527..6f8b38d 100644 (file)
--- a/db.php
+++ b/db.php
@@ -97,6 +97,7 @@ function db_send_query($sql) {
  # %i  put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
  # %"  output double quotes, surrounding the variable which is encoded to be in there.
  # %s  output encoded to be in double quotes, but don't output the quotes
+# %$  output argument as-is, no encoding. Make sure you quote everything from the user!
  #
  # complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
  
@@ -132,6 +133,8 @@ function _db_printf($str, $args) {
                         $int = format_int(array_shift($args));
                         if($int == '') $int = '0';
                         $out .= $int;
+               } elseif($chr == '$') {
+                       $out .= array_shift($args);
                 } else {
                         $out .= $chr;
                 }
author	Jason Woofenden <jason@jasonwoof.com>
	Sun, 10 Apr 2011 01:56:54 +0000 (21:56 -0400)
committer	Jason Woofenden <jason@jasonwoof.com>
	Sun, 10 Apr 2011 01:57:00 +0000 (21:57 -0400)