向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除|赢在IT，Playin' with IT,Focus on Killer Application,Marketing Meets Technology.

写CDB类库的时候,就有一个查询是要求写出一个,具有可变参数个数的函数，类似于sprintf，fsql定义了数据格式，v1, v2等变量定义了要替换的值，然后将替换后的字符串作为数据库查询进行执行.
先举一个实现后的例子:
queryf("select * from glove_user where name = '%s' and site = '%s'", 'glove', 'glovely.info');
这其实就是一个select语句,其中不同的地方就是第一个参数中的name的值%s用后面的’glove’来替换,site的值%s用后面的’glovely.info’来替换,这些可以替换的参数是不限定个数的.
也就是说这个函数像我们用的sprintf一样,是带有不定个数的参数的.
实例1：
<?php function formatString($str) {     if (get_magic_quotes_gpc ()) {         $str = stripslashes ( $str );     }     if (! is_numeric ( $str )) {         //$str = mysqli_real_escape_string ($dbObj,$str);         $str = mysql_real_escape_string($str);     }     return $str; } function sqlParamBind($sqlParam){     if(empty($sqlParam)) return "";     if(is_string($sqlParam)) return $sqlParam;     if(count($sqlParam) <= 1 ) return $sqlParam[0];     for($i=1,$total=count($sqlParam);$i<$total;$i++){         $sqlParam[$i] = formatString($sqlParam[$i]);     }     $sqlPart = call_user_func_array('sprintf',$sqlParam);     return $sqlPart; } $QQ = "372647693"; $trueName = "Jackxiang"; $ID = 103; $sqlBuild = array(         'update glove_user set QQ=\'%1$s\',Version=\'%4$s\',Name=\'%2$s\',FTime=now() where ID=\'%3$s\' and FQQ = \'\'',         $QQ,         $trueName,         $ID,         "3rd",         ); $sql = sqlParamBind($sqlBuild); echo $sql; ?>

两个需要解释：
1.mysqli_real_escape_string于mysql_real_escape_string
一、mysql中：
mysql_escape_string
mysql_real_escape_string
二、mysqli中：
escape_string
real_escape_string
mysqli_real_escape_string
mysqli_escape_string //是mysqli_real_escape_string的别名
You should use mysql_real_escape_string() instead!
This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler as its first argument and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current character set.  
2.call_user_func_array
<?php function foobar($arg, $arg2) {     echo __FUNCTION__, " got $arg and $arg2\n"; } class foo {     function bar($arg, $arg2) {         echo __METHOD__, " got $arg and $arg2\n";     } } // Call the foobar() function with 2 arguments call_user_func_array("foobar", array("one", "two")); // Call the $foo->bar() method with 2 arguments $foo = new foo; call_user_func_array(array($foo, "bar"), array("three", "four")); ?>
Result:
# php call_user_func_array.php
foobar got one and two
foo::bar got three and four

作者：jackxiang@向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除
地址：http://jackxiang.com/post/4387/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明！