Real escape, using mysqli_real_escape_string() or mysql_real_escape_string()
| public _real_escape ( string $string ) : string | ||
| $string | string | to escape |
| return | string | escaped |
/**
* Constructor
*
* @param array $tables Table names as keys, columns as value arrays
* @param string $from String to find, will be escaped.
* @param string $replacement String to use as replacement, will be escaped.
* @param wpdb $wpdb
*/
public function __construct(array $tables, $from, $replacement, wpdb $wpdb)
{
$this->tables = $tables;
$this->from = $wpdb->_real_escape($from);
$this->replacement = $wpdb->_real_escape($replacement);
$this->wpdb = $wpdb;
}
public function search($word, $orderby = NULL, $order = 'DESC', $limit = '', $select = '*')
{
$word = $this->_wpdb->_real_escape($word);
$orderby = $orderby ? $orderby : $this->_pk;
$query = 'SELECT ' . $select . ' FROM ' . $this->_table();
$where = '';
foreach ($this->_wpdb->get_results('SHOW COLUMNS FROM ' . $this->_table()) as $fieldParam) {
if (stripos($fieldParam->Type, 'text') === FALSE && stripos($fieldParam->Type, 'varchar') === FALSE) {
continue;
}
$where .= ($where ? ' OR ' : ' WHERE ') . $fieldParam->Field . " LIKE '" . $word . "%'";
}
$result = array();
foreach ($this->_wpdb->get_results($query . $where . ' ORDER BY ' . $orderby . ' ' . $order . ' ' . $limit, 'ARRAY_A') as $objectData) {
$className = get_class($this);
$result[] = new $className($objectData);
}
return $result;
}
