JAY6390
12-31-2009, 03:35 PM
Well I created this function a while back but it's still invaluable to people who generate queries. If you're familiar with sprintf and use it to put your variables into your mysql queries then you can use instead of using mysql_real_escape_string on every param. For example, suppose you have
$query = sprintf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($firstname),
mysql_real_escape_string($flastname),
mysql_real_escape_string($address1),
mysql_real_escape_string($zipcode)
); You could convert it to just
$query = mressf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s', '%s')",
$firstname,
$flastname,
$address1,
$zipcode
); and it would escape all the values for you
Here is the function
function mressf()
{
$args = func_get_args();
if (count($args) < 2)
return false;
$query = array_shift($args);
$args = array_map('mysql_real_escape_string', $args);
array_unshift($args, $query);
$query = call_user_func_array('sprintf', $args);
return $query;
}
the sprintf mysql_real_escape_string function can aslo be found here (http://www.jaygilford.com/php/sprintf-and-mysql_real_escape_string-all-in-one-function/)
I hope this is of help to some of you :)
$query = sprintf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($firstname),
mysql_real_escape_string($flastname),
mysql_real_escape_string($address1),
mysql_real_escape_string($zipcode)
); You could convert it to just
$query = mressf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s', '%s')",
$firstname,
$flastname,
$address1,
$zipcode
); and it would escape all the values for you
Here is the function
function mressf()
{
$args = func_get_args();
if (count($args) < 2)
return false;
$query = array_shift($args);
$args = array_map('mysql_real_escape_string', $args);
array_unshift($args, $query);
$query = call_user_func_array('sprintf', $args);
return $query;
}
the sprintf mysql_real_escape_string function can aslo be found here (http://www.jaygilford.com/php/sprintf-and-mysql_real_escape_string-all-in-one-function/)
I hope this is of help to some of you :)