From: Jason Woofenden
Date: Sun, 10 Apr 2011 01:56:54 +0000 (-0400)
Subject: db_printf(): add %$ (not encoded) param
X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=commitdiff_plain;h=a72cc638463765aa10fc4b106efce295d7d44457

db_printf(): add %$ (not encoded) param
---

diff --git a/db.php b/db.php
index 8ce6527..6f8b38d 100644
--- a/db.php
+++ b/db.php
@@ -97,6 +97,7 @@ function db_send_query($sql) {
 # %i put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
 # %" output double quotes, surrounding the variable which is encoded to be in there.
 # %s output encoded to be in double quotes, but don't output the quotes
+# %$ output argument as-is, no encoding. Make sure you quote everything from the user!
 #
 # complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
 
@@ -132,6 +133,8 @@ function _db_printf($str, $args) {
 $int = format_int(array_shift($args));
 if($int == '') $int = '0';
 $out .= $int;
+ } elseif($chr == '$') {
+ $out .= array_shift($args);
 } else {
 $out .= $chr;
 }
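Review bot: The new `elseif($chr == '$')` branch in `_db_printf()` appends `array_shift($args)` to the query with no encoding, so `%$` is the one placeholder that turns any request-derived argument into SQL injection. The only guard is the comment added in the first hunk, and "Make sure you quote everything from the user!" does not say who has to do the quoting or how. I would reword that line to state the contract, for example `# %$ output argument as-is, no encoding. Only for SQL fragments your own code builds (e.g. a column name chosen from a fixed list); never pass user input here, use %" or %i for values.`, and add `# raw splice: the caller alone is responsible for this fragment being safe SQL` above the append in the branch. Call sites are not visible in this diff, so each use of `%$` should be checked to confirm its argument is a constant or comes from an allow-list; `_db_printf()` itself starts and ends outside the hunk.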