Well, this is a one-time SQL function which supports specifiers. Any errors/comments are welcome.
Usage:
$s = new SQL;
$username = $_POST['username']; // string arguments are escaped by the %s specifier inside sel()
$password = $_POST['password'];
$result = $s->sel('SELECT * FROM users WHERE username = "%s" AND password = md5("%s")', $username, $password);
By: voldomazta
<?php
class SQL
{
    public $db;

    // Connect with the mysqli extension (the mysql_* functions were removed in PHP 7).
    function __construct()
    {
        $this->db = mysqli_connect('localhost', 'uname', 'pword', 'dbname');
        if (!$this->db) {
            die('Connection failed: ' . mysqli_connect_error());
        }
    }

    // Runs a SELECT and returns its first row only (it is a one-time function),
    // or false if the query is not a SELECT.
    function sel()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'select') {
            return false;
        }
        $sql = $this->analyze($argv);
        $query = mysqli_query($this->db, $sql) or die(mysqli_error($this->db));
        return mysqli_fetch_array($query);
    }

    // Runs an INSERT; returns true on success, false otherwise.
    function ins()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'insert') {
            return false;
        }
        $sql = $this->analyze($argv);
        return (bool) mysqli_query($this->db, $sql);
    }

    // Runs an UPDATE; returns true on success, false otherwise.
    function upd()
    {
        $argv = func_get_args();
        $qtype = substr(trim($argv[0]), 0, 6);
        if (strtolower($qtype) != 'update') {
            return false;
        }
        $sql = $this->analyze($argv);
        return (bool) mysqli_query($this->db, $sql);
    }

    // Escapes a string argument for use inside the quotes the query template
    // already supplies (e.g. username = "%s"). The original wrapped the value in
    // double quotes to form a PHP string literal for eval(); that is no longer needed.
    function quote($str)
    {
        return mysqli_real_escape_string($this->db, $str);
    }

    // Casts each argument according to its specifier and builds the final query.
    // The original assembled a line of PHP source and eval()'d it, so an argument
    // containing a double quote, $ or backslash was interpreted as PHP code; here
    // the casted arguments go straight to vsprintf() and nothing is eval()'d.
    function analyze($argv)
    {
        $sql = array_shift($argv);
        preg_match_all('/%([a-zA-Z])/', $sql, $specifiers);
        $s_count = count($specifiers[1]);
        if ($s_count == 0 && count($argv) == 0) {
            return $sql; // nothing to substitute
        }
        if ($s_count == 0) {
            die('You have no variables to substitute in your SQL query.');
        } elseif (count($argv) != $s_count) {
            die('The number of specifiers in your query does not equal the number of arguments.');
        }
        $float   = array('f', 'F');
        $integer = array('u', 'd', 'b', 'o');
        $string  = array('x', 'X', 's', 'e', 'c');
        $params  = array();
        foreach ($argv as $k => $arg) {
            $s = $specifiers[1][$k];
            if (in_array($s, $float)) {
                $params[] = (float) $arg;
            } elseif (in_array($s, $integer)) {
                $params[] = (int) $arg;
            } elseif (in_array($s, $string)) {
                $params[] = $this->quote($arg);
            } else {
                die('You have included an inappropriate specifier "%' . $s . '" in your SQL query.');
            }
        }
        return vsprintf($sql, $params);
    }
}
?>
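The same lookup done with a mysqli prepared statement, as an added example that is not part of the original post: the class's specifier letters are mapped onto bind_param() types, so argument values are bound rather than interpolated into the SQL text. It assumes the users table and connection details from the usage above; selPrepared() is a hypothetical name, and placeholders in its template are written unquoted (username = %s, not "%s").

```php
<?php
// Added example, not code from the original post. Assumes a mysqli connection
// and the users table from the usage above. Each %x in the template becomes a
// ? placeholder and the specifier letter selects the bind_param() type.
function selPrepared(mysqli $db, $sql)
{
    $args = array_slice(func_get_args(), 2);
    preg_match_all('/%([a-zA-Z])/', $sql, $m);
    if (count($m[1]) != count($args)) {
        return false; // specifier/argument count mismatch, as in the class
    }
    $types = '';
    foreach ($m[1] as $i => $spec) {
        if (in_array($spec, array('f', 'F'))) {
            $types .= 'd';                 // bound as double
            $args[$i] = (float) $args[$i];
        } elseif (in_array($spec, array('u', 'd', 'b', 'o'))) {
            $types .= 'i';                 // bound as integer
            $args[$i] = (int) $args[$i];
        } elseif ($spec == 's') {
            $types .= 's';                 // bound as string: quotes, $ and backslashes stay data
        } else {
            return false;                  // %x, %e, %c etc. have no direct binding type
        }
    }
    $stmt = $db->prepare(preg_replace('/%[a-zA-Z]/', '?', $sql));
    if ($stmt === false) {
        return false;
    }
    if ($args) {
        $stmt->bind_param($types, ...$args); // argument unpacking needs PHP 5.6+
    }
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row;
}

// A password containing a double quote and a backslash is compared literally;
// in the eval()-based class both characters would have altered the generated PHP.
$db = new mysqli('localhost', 'uname', 'pword', 'dbname');
$row = selPrepared($db, 'SELECT * FROM users WHERE username = %s AND password = md5(%s)',
                   'alice', 'pa"ss\\word');
echo $row ? 'found ' . $row['username'] : 'no such user', "\n";
?>
```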
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.