function esql_update($table, $update_array, $where_obj = null) { $table = mysql_real_escape_string($table); $update_array = escape_values($update_array); $set_list = array(); foreach ($update_array as $field => $value) { array_push($set_list, "`{$field}` = '{$value}'"); } $set_str = join($set_list, ', '); $where_str = esql_build_where($where_obj); $sql_string = "update `{$table}` set {$set_str} {$where_str}"; return esql_query($sql_string); }
function escape_values($array) { if (is_array($array)) { foreach ($array as &$array_value) { if (is_array($array_value)) { $array_value = escape_values($array_value); } else { if (strstr($array_value, "\\'") || strstr($array_value, '\\"') || strstr($array_value, "\\\\")) { $array_value = strip_tags(addslashes(stripslashes($array_value))); } else { $array_value = strip_tags(addslashes($array_value)); } } } } else { if (strstr($array, "\\'") || strstr($array, '\\"') || strstr($array, "\\\\")) { $array = strip_tags(addslashes(stripslashes($array))); } else { $array = strip_tags(addslashes($array)); } } return $array; }