SQL function with integrated sprintf()
By: Codewalkers
    2006-01-03


    Well, this is a one-time SQL function which supports specifiers. Any errors/comments are welcome.

    usage:

    $s = new SQL;

    // Pass the raw values: the class escapes string arguments itself,
    // so escaping them here as well would double-escape them.
    $username = $_POST['username'];
    $password = $_POST['password'];

    $result = $s->sel('SELECT * FROM users WHERE username = "%s" AND password = md5("%s")',$username,$password);

    By : voldomazta

    <?php

    class SQL
    {
        public $db;

        function __construct()
        {
            // mysqli replaces the mysql_* extension, which was removed in PHP 7
            $this->db = mysqli_connect('localhost','uname','pword','dbname');
            // escaping depends on the connection character set, so set it explicitly
            mysqli_set_charset($this->db,'utf8mb4');
        }

        function sel()
        {
            $argv = func_get_args();
            $qtype = substr(trim($argv[0]),0,6);
            if (strtolower($qtype) != 'select') {
                return false;
            }
            // with no extra arguments the query is used as written
            $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
            $query = mysqli_query($this->db,$sql) or die(mysqli_error($this->db));
            return mysqli_fetch_array($query);
        }

        function ins()
        {
            $argv = func_get_args();
            $qtype = substr(trim($argv[0]),0,6);
            if (strtolower($qtype) != 'insert') {
                return false;
            }
            $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
            if (mysqli_query($this->db,$sql)) {
                return true;
            }
            return false;
        }

        function upd()
        {
            $argv = func_get_args();
            $qtype = substr(trim($argv[0]),0,6);
            if (strtolower($qtype) != 'update') {
                return false;
            }
            $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
            if (mysqli_query($this->db,$sql)) {
                return true;
            }
            return false;
        }

        // Escapes a value for use inside a quoted SQL literal. The quotes
        // themselves come from the query template ("%s"); a %s written
        // without quotes in the template is not protected by this.
        function quote($str) {
            return mysqli_real_escape_string($this->db,(string)$str);
        }

        // Casts or escapes each argument according to its specifier and
        // returns the finished SQL string. The values are handed straight
        // to vsprintf(); no PHP source is generated or passed to eval().
        function analyze($argv) {
            $sql = $argv[0];
            unset($argv[0]);
            // match upper- and lower-case letters so %F and %X are recognised
            preg_match_all('/%([a-zA-Z])/',$sql,$specifiers);
            $s_count = count($specifiers[1]);
            if ($s_count == 0) {
                die('You have no variables to substitute in your SQL query.');
            } elseif (count($argv) != $s_count) {
                die('The number of specifiers in your query does not equal the number of arguments.');
            }
            $float = array('f','F');
            $integer = array('u','d','b','o');
            $string = array('x','X','s','e','c');
            $values = array();
            foreach ($argv as $k=>$arg) {
                // $argv is 1-based here because index 0 (the query) was unset
                $s = $specifiers[1][$k - 1];
                if (in_array($s,$float)) {
                    $values[] = (float)$arg;
                } elseif (in_array($s,$integer)) {
                    $values[] = (int)$arg;
                } elseif (in_array($s,$string)) {
                    $values[] = $this->quote($arg);
                } else {
                    die('You have included an inappropriate specifier "%' . $s . '" in your SQL query.');
                }
            }
            return vsprintf($sql,$values);
        }
    }

    ?>
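
The same specifier-style call can be mapped onto a prepared statement, so the values are bound separately instead of being formatted into the SQL text. This is an added example, not code from the original page or its author: `specifiers_to_placeholders()` and `select_prepared()` are hypothetical helpers, and it uses PDO with a constructed in-memory SQLite table (assumes the pdo_sqlite extension) so it runs without a MySQL server.

```php
<?php
// Added example (helper names are hypothetical). Rewrites 'a = "%s" AND b = %d'
// as 'a = ? AND b = ?' and collects the PDO bind type for each specifier.
function specifiers_to_placeholders($template)
{
    $map = array(
        's' => PDO::PARAM_STR, 'd' => PDO::PARAM_INT, 'u' => PDO::PARAM_INT,
        'f' => PDO::PARAM_STR, 'F' => PDO::PARAM_STR, // PDO has no float type
    );
    $types = array();
    // Quotes around a specifier are consumed too; a quoted "?" is a literal, not a placeholder.
    $sql = preg_replace_callback(
        '/(["\']?)%([a-zA-Z%])\1/',
        function ($m) use ($map, &$types) {
            if ($m[2] === '%') {
                return $m[1] . '%' . $m[1];   // %% stays a literal percent sign
            }
            if (!isset($map[$m[2]])) {
                throw new InvalidArgumentException('Unsupported specifier %' . $m[2]);
            }
            $types[] = $map[$m[2]];
            return '?';
        },
        $template
    );
    return array($sql, $types);
}

function select_prepared(PDO $db, $template, array $values)
{
    list($sql, $types) = specifiers_to_placeholders($template);
    if (count($types) !== count($values)) {
        throw new InvalidArgumentException('Specifier/argument count mismatch.');
    }
    $stmt = $db->prepare($sql);
    foreach (array_values($values) as $i => $value) {
        $stmt->bindValue($i + 1, $value, $types[$i]);   // positions are 1-based
    }
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, username TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'o\"brien')");
$row = select_prepared($db, 'SELECT * FROM users WHERE username = "%s" AND id = %d', array('o"brien', 7));
var_dump($row);
```

The bound username contains a double quote and still matches its row, because it is never parsed as part of the statement. With a MySQL DSN in place of `sqlite::memory:` the helpers work unchanged.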