Well, this is a one-time SQL function which supports specifiers. Any errors/comments are welcome.
usage:
$s = new SQL;
$username = $_POST['username'];   // %s arguments are escaped by the class itself
$password = $_POST['password'];
$result = $s->sel('SELECT * FROM users WHERE username = "%s" AND password = md5("%s")',$username,$password);
By : voldomazta
<?php
class SQL
{
    public $db;

    // mysqli replaces the mysql_* extension, which no longer exists in PHP 7 and later.
    function __construct()
    {
        $this->db = mysqli_connect('localhost', 'uname', 'pword', 'dbname');
        if (!$this->db) {
            die('Could not connect: ' . mysqli_connect_error());
        }
    }

    // SELECT only; returns the first row of the result (as in the original).
    function sel()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'select') {
            return false;
        }
        $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
        $query = mysqli_query($this->db, $sql) or die(mysqli_error($this->db));
        return mysqli_fetch_array($query);
    }

    // INSERT only; true on success, false otherwise.
    function ins()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'insert') {
            return false;
        }
        $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
        return (bool)mysqli_query($this->db, $sql);
    }

    // UPDATE only; true on success, false otherwise.
    function upd()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'update') {
            return false;
        }
        $sql = (count($argv) > 1) ? $this->analyze($argv) : $argv[0];
        return (bool)mysqli_query($this->db, $sql);
    }

    // Escape a string argument against the live connection. The query supplies
    // its own quotes around %s (e.g. username = "%s"), as in the usage above.
    function escape($str)
    {
        return mysqli_real_escape_string($this->db, $str);
    }

    // Build the final SQL from the format string and its arguments. The original
    // generated PHP source and eval()'d it, so an argument containing quotes, $ or
    // backslashes could inject PHP code; vsprintf() does the substitution instead.
    function analyze($argv)
    {
        $sql = array_shift($argv);
        preg_match_all('/%([a-zA-Z])/', $sql, $specifiers);
        $s_count = count($specifiers[1]);
        if ($s_count == 0) {
            die('You have no variables to substitute in your SQL query.');
        } elseif (count($argv) != $s_count) {
            die('The number of specifiers in your query does not equal the number of arguments.');
        }
        $float = array('f', 'F');
        $integer = array('u', 'd', 'b', 'o');
        $string = array('x', 'X', 's', 'e', 'c');
        $values = array();
        foreach ($argv as $k => $arg) {
            $s = $specifiers[1][$k];
            if (in_array($s, $float)) {
                $values[] = (float)$arg;
            } elseif (in_array($s, $integer)) {
                $values[] = (int)$arg;
            } elseif (in_array($s, $string)) {
                $values[] = $this->escape($arg);
            } else {
                die('You have included an inappropriate specifier "%' . $s . '" in your SQL query.');
            }
        }
        return vsprintf($sql, $values);
    }
}
?>
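An added example, not from voldomazta's post: the same lookup as the `sel()` usage above, but done with a mysqli prepared statement, so the argument values are bound separately and never spliced into the query text at all. The function name `sel_prepared`, the `$types` string and the `users` table layout are assumptions.

```php
<?php
// Added example (not part of the original class): SELECT via a prepared
// statement. Placeholders are '?' and $types gives one mysqli type letter
// per argument ('s' string, 'i' integer, 'd' double), replacing the class's
// printf-style specifiers. Assumes a mysqli connection and a users table.
function sel_prepared(mysqli $db, $sql, $types, ...$args)
{
    if (strtolower(substr(trim($sql), 0, 6)) != 'select') {
        return false;
    }
    // Same sanity check the class performs: placeholder and argument counts match.
    if (substr_count($sql, '?') != count($args) || strlen($types) != count($args)) {
        die('The number of placeholders does not equal the number of arguments.');
    }
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        die('Prepare failed: ' . $db->error);
    }
    $stmt->bind_param($types, ...$args);   // values sent separately from the SQL
    if (!$stmt->execute()) {
        die('Execute failed: ' . $stmt->error);
    }
    $result = $stmt->get_result();         // requires the mysqlnd driver
    $row = $result ? $result->fetch_array() : false;
    $stmt->close();
    return $row;                           // first row only, like sel()
}

// Usage matching the original post (md5() kept as written there); connection
// details are placeholders.
$db = new mysqli('localhost', 'uname', 'pword', 'dbname');
$row = sel_prepared($db,
    'SELECT * FROM users WHERE username = ? AND password = md5(?)',
    'ss', $_POST['username'], $_POST['password']);
?>
```

Because the driver receives the query text and the values in separate messages, no escaping step is needed for string arguments and a stray quote in `$_POST['username']` cannot change the statement's structure.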