Well, this is a one-time SQL function which supports specifiers. Any errors/comments are welcome.
Usage:
$s = new SQL;
$username = $_POST['username'];   // raw input: sel() escapes every %s argument itself
$password = $_POST['password'];
$result = $s->sel('SELECT * FROM users WHERE username = "%s" AND password = md5("%s")', $username, $password);
// $result is the first matching row as an array, or false if nothing matched.
// Note that md5() of a bare password, as in this query, is not a safe password store;
// a salted password hash (e.g. password_hash()) should be used instead.
By : voldomazta
<?php
class SQL
{
    var $db;

    // PHP 4-style constructor: connect and select the database.
    function SQL()
    {
        $this->db = mysql_connect('localhost', 'uname', 'pword') or die(mysql_error());
        mysql_select_db('dbname', $this->db) or die(mysql_error());
    }

    // Run a SELECT and return its first row (one query, one row), or false
    // if the query does not start with SELECT.
    function sel()
    {
        $argv = func_get_args();
        $sql = $this->analyze('select', $argv);
        if ($sql === false) {
            return false;
        }
        $query = mysql_query($sql, $this->db) or die(mysql_error());
        return mysql_fetch_array($query);
    }

    // Run an INSERT; true on success, false otherwise.
    function ins()
    {
        $argv = func_get_args();
        $sql = $this->analyze('insert', $argv);
        if ($sql === false) {
            return false;
        }
        return (bool) mysql_query($sql, $this->db);
    }

    // Run an UPDATE; true on success, false otherwise.
    function upd()
    {
        $argv = func_get_args();
        $sql = $this->analyze('update', $argv);
        if ($sql === false) {
            return false;
        }
        return (bool) mysql_query($sql, $this->db);
    }

    // Escape a string argument so it is safe inside a quoted SQL literal.
    // The format string must put the quotes around %s itself, e.g. "%s".
    function quote($str)
    {
        return mysql_real_escape_string($str, $this->db);
    }

    // Check that the query starts with $verb, then fill the specifiers from
    // the remaining arguments with vsprintf(). Each argument is cast (numeric
    // specifiers) or escaped (%s) before it reaches the query, so no argument
    // is ever interpreted as SQL or as PHP code.
    function analyze($verb, $argv)
    {
        $sql = trim($argv[0]);
        if (strtolower(substr($sql, 0, strlen($verb))) != $verb) {
            return false;
        }
        $args = array_slice($argv, 1);
        preg_match_all('/%([a-zA-Z])/', $sql, $specifiers);
        $s_count = count($specifiers[1]);
        if ($s_count == 0 && count($args) == 0) {
            return $sql;   // plain query, nothing to substitute
        }
        if ($s_count == 0) {
            die('You have no variables to substitute in your SQL query.');
        } elseif (count($args) != $s_count) {
            die('The number of specifiers in your query does not equal the number of arguments.');
        }
        $float   = array('f', 'F', 'e', 'E');
        $integer = array('d', 'u', 'b', 'o', 'x', 'X', 'c');
        $string  = array('s');
        foreach ($args as $k => $arg) {
            $s = $specifiers[1][$k];
            if (in_array($s, $float)) {
                $args[$k] = (float) $arg;
            } elseif (in_array($s, $integer)) {
                $args[$k] = (int) $arg;
            } elseif (in_array($s, $string)) {
                $args[$k] = $this->quote($arg);
            } else {
                die('You have included an unsupported specifier "%' . $s . '" in your SQL query.');
            }
        }
        return vsprintf($sql, $args);
    }
}
?>
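The following is an added example, not code from voldomazta's post, contrasting two ways a helper like this can substitute its arguments into the format string: generating the `$sql = sprintf(...)` line as PHP source and eval()'ing it, with each `%s` argument spliced in as a double-quoted PHP literal, versus escaping the arguments and filling the format with vsprintf(). It runs with no database; `escape_for_sql()` is a stand-in for `mysql_real_escape_string()` so the script works offline, and the function names and the two constructed logins are hypothetical.

```php
<?php
// Added example (not part of the original post). Shows why generating PHP
// source from query arguments is fragile, and the eval-free alternative.

// The PHP code string an eval()-based helper would build: the format goes
// inside single quotes and each %s argument becomes a double-quoted PHP
// string literal, without any escaping.
function eval_line($format, array $args)
{
    $line = sprintf('$sql = sprintf(\'%s\'', $format);
    foreach ($args as $arg) {
        $line .= ', "' . $arg . '"';
    }
    return $line . ');';
}

// Stand-in for mysql_real_escape_string(): backslash-escape the characters
// MySQL treats specially inside a quoted literal. Not charset-aware; against
// a live server use the real function (or prepared statements) instead.
function escape_for_sql($value)
{
    return strtr($value, array(
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ));
}

// eval-free substitution: every argument is escaped, then vsprintf() fills
// the %s slots, which must already sit inside quotes in $format.
function build_query($format, array $args)
{
    if (substr_count($format, '%s') != count($args)) {
        throw new InvalidArgumentException('specifier/argument count mismatch');
    }
    return vsprintf($format, array_map('escape_for_sql', $args));
}

$format = 'SELECT * FROM users WHERE username = "%s" AND password = md5("%s")';

// Constructed inputs: a plain login, and one whose username contains double
// quotes, which are legal in a name but special in PHP source.
$plain  = array('alice', 'hunter2');
$quoted = array('Zoe "Z" Smith', 'hunter2');

echo eval_line($format, $plain), "\n";
// $sql = sprintf('SELECT ... "%s" ... md5("%s")', "alice", "hunter2");

echo eval_line($format, $quoted), "\n";
// The first argument literal now reads "Zoe "Z" Smith": the inner quotes end
// the PHP string early, so eval() would see different code than intended.

echo build_query($format, $quoted), "\n";
// SELECT * FROM users WHERE username = "Zoe \"Z\" Smith" AND password = md5("hunter2")
```

The second `eval_line()` output is the point: with eval(), the argument is parsed as PHP before it is ever parsed as SQL, so the characters that must be escaped are PHP's (`"`, `\`, `$`), not MySQL's, and nothing in the generated line escapes them. `build_query()` never turns data into code; the only parser the argument reaches is MySQL's, and it arrives escaped for that parser.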