[wp-trac] Re: [WordPress Trac] #5178: New $wpdb methods: insert(), update()
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 13 00:55:42 GMT 2007
#5178: New $wpdb methods: insert(), update()
-------------------------+--------------------------------------------------
Reporter: markjaquith | Owner: anonymous
Type: enhancement | Status: closed
Priority: normal | Milestone: 2.4
Component: General | Version:
Severity: normal | Resolution: fixed
Keywords: |
-------------------------+--------------------------------------------------
Changes (by markjaquith):
* summary: New $wpdb methods: db_insert(), db_update() => New $wpdb methods: insert(), update()
Old description:
> Ryan proposed these methods to me. I cleaned them up a bit and added
> sanitization.
>
> {{{
> /**
>  * Insert an array of data into a table
>  * @param string $table WARNING: not sanitized!
>  * @param array $data should not already be SQL-escaped
>  * @return mixed results of $this->query()
>  */
> function db_insert($table, $data) {
>         $data = add_magic_quotes($data);
>         $fields = array_keys($data);
>         return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
> }
>
> /**
>  * Update a row in the table with an array of data
>  * @param string $table WARNING: not sanitized!
>  * @param array $data should not already be SQL-escaped
>  * @param string $where_col the column of the WHERE statement. WARNING: not sanitized!
>  * @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped.
>  * @return mixed results of $this->query()
>  */
> function db_update($table, $data, $where_col, $where_val){
>         $data = add_magic_quotes($data);
>         $bits = array();
>         foreach ( array_keys($data) as $k )
>                 $bits[] = "`$k`='$data[$k]'";
>         $where_val = $wpdb->escape($where_val);
>         return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
> }
> }}}
>
> First place to use this is in wp_insert_post()
New description:
Ryan proposed these methods to me. I cleaned them up a bit and added
sanitization.
{{{
/**
 * Insert an array of data into a table
 * @param string $table WARNING: not sanitized!
 * @param array $data should not already be SQL-escaped
 * @return mixed results of $this->query()
 */
function insert($table, $data) {
        $data = add_magic_quotes($data);
        $fields = array_keys($data);
        return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
}

/**
 * Update a row in the table with an array of data
 * @param string $table WARNING: not sanitized!
 * @param array $data should not already be SQL-escaped
 * @param string $where_col the column of the WHERE statement. WARNING: not sanitized!
 * @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped.
 * @return mixed results of $this->query()
 */
function update($table, $data, $where_col, $where_val){
        $data = add_magic_quotes($data);
        $bits = array();
        foreach ( array_keys($data) as $k )
                $bits[] = "`$k`='$data[$k]'";
        $where_val = $this->escape($where_val);
        return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
}
}}}
First place to use this is in wp_insert_post()
Comment:
Changed the method names.
--
Ticket URL: <http://trac.wordpress.org/ticket/5178#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
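
The docblocks above flag `$table` and `$where_col` as not sanitized, and the keys of `$data` are likewise placed into the query text as column names. The following is an added example, not part of the ticket or of WordPress core: one way to build the same two statements with every identifier validated and every value passed as a bound parameter. The function names `safe_identifier`, `build_insert` and `build_update` and the sample rows are hypothetical.

```php
<?php
// Added illustration, not WordPress code. All function names are hypothetical.

/** Accept only plain identifiers, so a name cannot close the backtick quoting. */
function safe_identifier(string $name): string {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("Rejected identifier: $name");
    }
    return "`$name`";
}

/** Build an INSERT with placeholders; values travel separately from the SQL text. */
function build_insert(string $table, array $data): array {
    if ($data === []) {
        throw new InvalidArgumentException('No columns given');
    }
    $cols  = array_map('safe_identifier', array_map('strval', array_keys($data)));
    $marks = implode(', ', array_fill(0, count($data), '?'));
    $sql   = 'INSERT INTO ' . safe_identifier($table)
           . ' (' . implode(', ', $cols) . ") VALUES ($marks)";
    return [$sql, array_values($data)];
}

/** Build a single-row UPDATE keyed on one validated WHERE column. */
function build_update(string $table, array $data, string $where_col, $where_val): array {
    if ($data === []) {
        throw new InvalidArgumentException('No columns given');
    }
    $sets = [];
    foreach (array_keys($data) as $col) {
        $sets[] = safe_identifier((string) $col) . ' = ?';
    }
    $sql = 'UPDATE ' . safe_identifier($table) . ' SET ' . implode(', ', $sets)
         . ' WHERE ' . safe_identifier($where_col) . ' = ? LIMIT 1';
    return [$sql, array_merge(array_values($data), [$where_val])];
}

// Constructed sample input.
[$sql, $params] = build_insert('wp_posts', ['post_title' => "O'Reilly", 'post_status' => 'draft']);
echo $sql, "\n", json_encode($params), "\n";
[$sql, $params] = build_update('wp_posts', ['post_title' => 'Hello'], 'ID', 42);
echo $sql, "\n", json_encode($params), "\n";
try {
    build_insert('wp_posts', ['post_title`' => 'x']); // key is not a plain identifier
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The returned SQL string and parameter list are meant to be handed to a prepared-statement API, so quoting of values is done by the driver rather than by string concatenation.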