mysqli - Creating a php class for database insert functions -


i trying create class save time on cleaning variables before sending them database prevent sql injections. basic systems working cant seem where/or statement implemented. know how add this?

<?php  class database {     private $db = '';     private $database = '';      function __construct($settings) {         $this->db = new mysqli('127.0.0.1', $settings['mysql_user']['username'], $settings['mysql_user']['password']);         $this->database = $settings['mysql_user']['database'];          print_r('database loaded!<br/>');     }     public function query($method, $database, $rows, $params, $where = array(), $or = array()) {         $count = 0;         $amount = count($rows);         $final_rows = '';         $final_data = '';         $bind_names = array();         $bind_names[0] = '';         $param_types = array(             "int" => "i",             "string" => "s",             "double" => "d",             "blob" => "b"         );          switch($method) {             case 'insert':                 foreach ($rows $row) {                     $count = $count + 1;                     $final_rows .= '`' . $row . '`' . ($count != $amount ? ', ' : '');                     $final_data .= '?' . ($count != $amount ? ', ' : '');                 }                  $stmt = $this->db->prepare('insert `' . $this->database . '`.`' . $database . '` (' . $final_rows . ') values (' . $final_data . ')');                  ($i = 0; $i < count($params); $i++)                 {                    $bind_name = 'bind'.$i;                    $$bind_name = $params[$i][1];                    $bind_names[0] .= $param_types[$params[$i][0]];                    $bind_names[] = &$$bind_name;                 }                  call_user_func_array( array ($stmt, 'bind_param'), $bind_names);                   return $stmt->execute();             break;             case 'update':                 foreach ($rows $row) {                     $count = $count + 1;                     $final_rows .= '`' . $row . '`' . ($count != $amount ? ', ' : '');                     $final_data .= '?' . ($count != $amount ? ', ' : '');                 }                  $stmt = $this->db->prepare('update `' . $this->database . '`.`' . $database . '` set ' . $final_rows . '');                  ($i = 0; $i < count($params); $i++)                 {                    $bind_name = 'bind'.$i;                    $$bind_name = $params[$i][1];                    $bind_names[0] .= $param_types[$params[$i][0]];                    $bind_names[] = &$$bind_name;                 }                  call_user_func_array( array ($stmt, 'bind_param'), $bind_names);                   return $stmt->execute();             break;             case 'replace':                 foreach ($rows $row) {                     $count = $count + 1;                     $final_rows .= '`' . $row . '`' . ($count != $amount ? ', ' : '');                     $final_data .= '?' . ($count != $amount ? ', ' : '');                 }                  $stmt = $this->db->prepare('replace `' . $this->database . '`.`' . $database . '` (' . $final_rows . ') values (' . $final_data . ')');                  ($i = 0; $i < count($params); $i++)                 {                    $bind_name = 'bind'.$i;                    $$bind_name = $params[$i][1];                    $bind_names[0] .= $param_types[$params[$i][0]];                    $bind_names[] = &$$bind_name;                 }                  call_user_func_array( array ($stmt, 'bind_param'), $bind_names);                   return $stmt->execute();             break;         }     } }  ?>

going make few assumptions, first i'll recommend use orm before whipping own solution. here's list of php libraries (i've linked database sections, includes done stand-alone orms https://github.com/ziadoz/awesome-php#database)

that being said i'm going assume $where , $or arrays both construct , items in $where combined via , and $or combined via or.

because didn't describe kind of output looking i'm assuming $where , $or key/value pairs translates "key=value , key=value , (key=value or key=value)".

disclaimer: example kind of hacky, shortest/simplest way example across.

$wherequery = ''; foreach ($where $key => $value) {     $wherequery .= "$key = $value and"; }  if ($or !== array()) {     $wherequery .= '(';     foreach ($or $key => $value) {         $wherequery .= "$key = $value or";     } }  if ($wherequery !== '') {     if (($temp = strlen($wherequery) - strlen('and')) >= 0 && strpos($wherequery, 'and', $temp) !== false) {          $wherequery = substr($wherequery, -4);     } else {          $wherequery = substr($wherequery, -3) . ')';     }     $wherequery = "where $wherequery"; }

you can stick $wherequery @ end of update or select. if $where , $or empty it'll still work.

you move loops functions , make recursive if $value array create more complex statements.


Comments

Post a Comment

Popular posts from this blog

How to connect android app to App engine -

i'm trying connect app in android server i've opened on appengine. my server's name : dddd-daniel-2345 , website server : http://dddd-daniel-2345.appspot.com/ this how connect android app server in app engine: app.yaml: application: dddd-daniel-2345 version: 1 runtime: python27 api_version: 1 threadsafe: yes handlers: - url: .* script: main.app libraries: - name: webapp2 version: "2.5.2" main.py: #!/usr/bin/env python # # copyright 2007 google inc. google.appengine.api import users import webapp2 class userhandler(webapp2.requesthandler): def get(self): user = users.get_current_user() if user: greeting = ('%s,%s,%s' % (user.email(),user.user_id(),user.nickname())) else: greeting = ('not logged in') self.response.out.write(greeting) app = webapp2.wsgiapplication([('/', userhandler),], debug=true) my applications code : add manifast main....
Read more

gcc - MinGW's ld cannot perform PE operations on non PE output file -

i know there other similar questions out there, stackoverflow or not. i've researched lot this, , still didn't find single solution. i'm doing operative system side project. i've been doing in assembly, wanna join c code. test, made assembly code file (called test.asm): [bits 32] global _a section .text _a: jmp $ then made c file (called main.c): extern void a(void); int main(void) { a(); } to link, used file (called make.bat): "c:\mingw\bin\gcc.exe" -ffreestanding -c -o c.o main.c nasm -f coff -o asm.o test.asm "c:\mingw\bin\ld.exe" -ttext 0x100000 --oformat binary -o out.bin c.o asm.o pause i've been researching ages, , i'm still struggling find answer. hope won't flagged duplicate. acknowledge existence of similar questions, have different answers, , none work me. question: what doing wrong? old mingw versions had problem "ld" not able create non-pe files @ all. maybe current versions...
Read more

php - display validation error message next to the textbox in codeigniter -

Image
i'm newbie codeigniter.i want display error message next text box.my view file create.php contains following code. <?php echo validation_errors(); //validation echo form_open('news/create'); //create form ?> <div class="boxes"> <div class="common"> <div class="lables"> <label for="name">name</label> </div> <div class="text_boxes"> <input type="text" name="uname" /><div id="infomessage"><?php echo $message;?></br> </div> </div>` and below controller model: public function create() { $this->load->helper('form'); $this->load->library('form_validation'); $data['title'] = 'insert items'; $this->form_validation->set_rules('uname','required|min_length[6]|m...
Read more