Menu
I posted a question earlier tonight - PHP Wordpress quotes issue where some quotes were causing me some issues.
An answer was posted suggesting using echo sprintf. This looked very clean and took care of any variable & quoting issues that may occur. My question is, whats the disadvantage of using sprintf? If any?
Why do we use echo if it usually causes issues with mixing HTML and PHP. For reference this was the echoed statement:
echo "<img src='"; bloginfo('template_url'); echo "img/" . $f['mainImage'] . ".png' />";
and the echo & sprintf:
echo sprintf(
'<img src="%s/img/%s.png" />',
get_bloginfo('template_url'),
$f['mainImage']
);
539
Not in any traditional sense, as PHP's sprintf doesn't support any of the really dangerous conversions like %n . A user-controlled format string can still cause some limited havoc (consider %99999999s ), but about the worst I think it could do would be to consume memory and time. Save this answer.
The sprintf() function writes a formatted string to a variable. The arg1, arg2, ++ parameters will be inserted at percent (%) signs in the main string. This function works "step-by-step". At the first % sign, arg1 is inserted, at the second % sign, arg2 is inserted, etc.
The PHP echo StatementThe echo statement can be used with or without parentheses: echo or echo() .
The common difference between sprintf() and printf() function is that sprintf() function display the text with the help of echo, whereas printf() function does not need the echo to display the text.
It's not the echo statement that "causes" problems, it's the lack of information available to newcomers, so I'll try to explain them.
There are four ways of specifying a string in php:
Using a single quote
$str = 'Hello World. This might be a php $variable';
echo $str; // Outputs: Hello World. This might be a php $variable
Since the string was wrapped in single quote, php engine will not try to interpret $variable as actual variable and the contents of what you see in the quotes will be echoed.
$variable = 'random text';
$str = "Hello World. This will be interpreted as $variable";
echo $str; // Outputs: Hello World. This will be interpreted as random text
In this example, php will try to find a variable named $variable and use its contents in the string.
Heredoc is useful for things such as what you wanted to do - you have a mix of variables, single quotes, double quotes and escaping all that can be a mess. Hence, good php people implemented the following syntax for us:
$str = <<<EOF
<img src="$directory/images/some_image.gif" alt='this is alt text' />
<p>Hello!</p>
EOF;
What will happen is that PHP engine will try to interpret variables (and functions, but I won't post examples on how to do that since it's available at php.net), however you wrapped the string with <<
$str = <<<'EOF'
<p>Hello! This wants to be a $variable but it won't be interpreted as one!</p>
EOF;
It's the same as using a single-quoted string - no variable replacements occur, and to specify something as nowdoc - simply wrap the delimiter with single quote characters as shown in the example.
If you are able to understand these four principles, problems with quotes in your string should go away :)
148
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
