[wp-trac] [WordPress Trac] #5178: New $wpdb methods: db_insert(),
db_update()
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 10 21:57:18 GMT 2007
#5178: New $wpdb methods: db_insert(), db_update()
-------------------------+--------------------------------------------------
Reporter: markjaquith | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 2.4
Component: General | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
Ryan proposed these methods to me. I cleaned them up a bit and added
sanitization.
{{{
/**
* Insert an array of data into a table
* @param string $table WARNING: not sanitized!
* @param array $data should not already be SQL-escaped
* @return mixed results of $this->query()
*/
function db_insert($table, $data) {
$data = add_magic_quotes($data);
$fields = array_keys($data);
return $this->query("INSERT INTO $table (`" .
implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
}
/**
* Update a row in the table with an array of data
* @param string $table WARNING: not sanitized!
* @param array $data should not already be SQL-escaped
* @param string $where_col the column of the WHERE statement.
WARNING: not sanitized!
* @param string $where_val the value of the WHERE statement.
Should not already be SQL-escaped.
* @return mixed results of $this->query()
*/
function db_update($table, $data, $where_col, $where_val){
$data = add_magic_quotes($data);
$bits = array();
foreach ( array_keys($data) as $k )
$bits[] = "`$k`='$data[$k]'";
$where_val = $wpdb->escape($where_val);
return $this->query("UPDATE $table SET ".implode(',
',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
}
}}}
First place to use this is in wp_insert_post()
--
Ticket URL: <http://trac.wordpress.org/ticket/5178>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list