Commit 2a19a70c authored by Josh Campbell's avatar Josh Campbell

Merge pull request #5 from rittme/patch-1

Update MysqliDb.php
parents ac3330d3 bb1258b7
...@@ -88,7 +88,7 @@ class MysqliDB { ...@@ -88,7 +88,7 @@ class MysqliDB {
unset($this->_whereTypeList); unset($this->_whereTypeList);
unset($this->_paramTypeList); unset($this->_paramTypeList);
} }
/** /**
* Pass in a raw query and an array containing the parameters to bind to the prepaird statement. * Pass in a raw query and an array containing the parameters to bind to the prepaird statement.
* *
...@@ -100,18 +100,18 @@ class MysqliDB { ...@@ -100,18 +100,18 @@ class MysqliDB {
{ {
$this->_query = filter_var($query, FILTER_SANITIZE_STRING); $this->_query = filter_var($query, FILTER_SANITIZE_STRING);
$stmt = $this->_prepareQuery(); $stmt = $this->_prepareQuery();
if (gettype($bindParams) === 'array') { if (gettype($bindParams) === 'array') {
$params = array(''); // Create the empty 0 index $params = array(''); // Create the empty 0 index
foreach ($bindParams as $prop => $val) { foreach ($bindParams as $prop => $val) {
$params[0] .= $this->_determineType($val); $params[0] .= $this->_determineType($val);
array_push($params, $bindParams[$prop]); array_push($params, $bindParams[$prop]);
} }
call_user_func_array(array($stmt, "bind_param"),$this->refValues($params)); call_user_func_array(array($stmt, "bind_param"),$this->refValues($params));
} }
$stmt->execute(); $stmt->execute();
$this->reset(); $this->reset();
...@@ -222,8 +222,8 @@ class MysqliDB { ...@@ -222,8 +222,8 @@ class MysqliDB {
$this->_where[$whereProp] = $whereValue; $this->_where[$whereProp] = $whereValue;
return $this; return $this;
} }
/** /**
* This methods returns the ID of the last inserted item * This methods returns the ID of the last inserted item
* *
...@@ -234,6 +234,17 @@ class MysqliDB { ...@@ -234,6 +234,17 @@ class MysqliDB {
return $this->_mysqli->insert_id; return $this->_mysqli->insert_id;
} }
/**
* Escape harmful characters which might affect a query.
*
* @param string $str The string to escape.
* @return string The escaped string.
*/
public function escape ( $str )
{
return $this->_mysqli->real_escape_string ( $str );
}
/** /**
* This method is needed for prepared statements. They require * This method is needed for prepared statements. They require
* the data type of the field to be bound with "i" s", etc. * the data type of the field to be bound with "i" s", etc.
...@@ -300,7 +311,7 @@ class MysqliDB { ...@@ -300,7 +311,7 @@ class MysqliDB {
} }
} }
} }
//Prepair the where portion of the query //Prepair the where portion of the query
$this->_query .= ' WHERE '; $this->_query .= ' WHERE ';
$i = 1; $i = 1;
...@@ -315,7 +326,7 @@ class MysqliDB { ...@@ -315,7 +326,7 @@ class MysqliDB {
$i++; $i++;
} }
} }
// Determine if is INSERT query // Determine if is INSERT query
...@@ -389,11 +400,13 @@ class MysqliDB { ...@@ -389,11 +400,13 @@ class MysqliDB {
$meta = $stmt->result_metadata(); $meta = $stmt->result_metadata();
$row = array();
while ($field = $meta->fetch_field()) { while ($field = $meta->fetch_field()) {
array_push($parameters, $row[$field->name]); $row[$field->name] = NULL;
$parameters[] = &$row[$field->name];
} }
call_user_func_array(array($stmt, "bind_result"),$this->refValues($parameters)); call_user_func_array(array($stmt, "bind_result"),$parameters);
while ($stmt->fetch()) { while ($stmt->fetch()) {
$x = array(); $x = array();
......
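Review bot: The docblock on the new `escape()` method promises more than `real_escape_string` delivers. That call only makes a value safe inside a quoted SQL string literal, interpreted under the connection's current character set. It offers no protection for unquoted numeric positions, identifiers or `LIKE` wildcards. The raw-query method in the second hunk already binds values through `bind_param` via `$bindParams`, so the comment should point callers there first, for example `* Escapes $str for use inside a quoted SQL string literal only; prefer bound parameters wherever possible.` It is also worth stating in the docblock that the result depends on the connection charset; whether this class sets one is not visible in these hunks.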