[wp-hackers] Patch for addition to wpdb

Satyam Satyam at satyam.com.ar
Mon May 15 19:43:02 GMT 2006


Hi everybody

I was modifying a plug-in I'm using and was about to add a function that I 
have been dragging from several languages I've used over the years.  Since 
the function is of general use, I thought it might as well be put into the 
core of WordPress, so I decided to enter this list and offer it and request 
comments and ask for guidance on how to submit it for review.

It can be added easily and harmlessly to the method query without even 
breaking existing code.

It is a sort of sprintf() but oriented to SQL.  As with sprintf, if it has 
no %placeholder, it returns the same string, thus it can be inserted into 
wpdb::query without breaking anything.   Since % is a valid operator in SQL, 
I used ?, which is not.

The following:

echo BuildSql('Insert into ?ttable (?s,?ns,?mi,?d,?ni,?i)','Something','',5,time(),0,null);

echoes:

 Insert into wp_table ('Something',null,5,'2006-05-15',null,0)

Notice the ?t placeholder in front of table.  The ?t placeholder is replaced 
by the contents of global variable $table_prefix, strings are escaped and 
quoted, dates are put into SQL standard format, ints, floats and booleans are 
actually evaluated so that there cannot be any unexpected things injected.

The piece of code is not long, but I am hesitant to include it in this 
message or attach it since I am not familiar with the ways of this list. 
The code is commented and has phpdocumentor comments at the top.  Can anyone 
guide me on how (and where, if not here) to offer it for comments?

Thanks

Satyam
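
The typed-placeholder idea described in the message above, as an added example; this is not Satyam's BuildSql, whose source is not in the post. The name build_sql_sketch, the explicit $prefix and $escape parameters and the placeholder semantics (inferred from the one sample call) are assumptions, and ?mi is left out because the post does not say what it means.

```php
<?php
// Added illustration, not the BuildSql from the post. Assumed semantics:
// ?t = table prefix (no argument), ?s = quoted string, ?ns = string or null,
// ?i = integer, ?ni = integer or null when zero, ?d = Unix time as a date.
function build_sql_sketch(string $fmt, array $args, string $prefix, callable $escape): string
{
    $next = 0;
    $quote = fn($v): string => "'" . $escape((string) $v) . "'";
    // One pass over the template only: text substituted from $args is never
    // rescanned, so a "?s" inside a value cannot consume another argument.
    $sql = preg_replace_callback(
        '/\?(ns|ni|[tsid])/',
        function (array $m) use (&$next, $args, $prefix, $quote): string {
            if ($m[1] === 't') {
                return $prefix;
            }
            if (!array_key_exists($next, $args)) {
                throw new InvalidArgumentException("no argument for ?{$m[1]}");
            }
            $v = $args[$next++];
            switch ($m[1]) {
                case 's':  return $quote($v);
                case 'ns': return ($v === null || $v === '') ? 'null' : $quote($v);
                case 'i':  return (string) (int) $v;   // the cast drops trailing SQL
                case 'ni': return (int) $v === 0 ? 'null' : (string) (int) $v;
                default:   return "'" . gmdate('Y-m-d', (int) $v) . "'";   // ?d
            }
        },
        $fmt
    );
    if ($next !== count($args)) {
        throw new InvalidArgumentException('more arguments than placeholders');
    }
    return $sql;
}

// Constructed stand-in escaper so the demo runs without a database; real code
// must use the escaping routine that belongs to the live connection.
$esc = fn(string $s): string => str_replace(['\\', "'"], ['\\\\', "\\'"], $s);

// Constructed input: a quote and a "?s" in a string, SQL appended to an integer.
echo build_sql_sketch(
    'Insert into ?ttable (?s,?ns,?d,?ni,?i)',
    ["O'Brien ?s", '', 1147722182, 0, '7; DROP TABLE x'],
    'wp_',
    $esc
), "\n";
```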


