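/**
 * Emulates positional parameter binding: each "?" in $sql is replaced, left to
 * right, by the matching entry of $params after that entry has been passed
 * through $this->secure().
 *
 * Security notes:
 * - This is client-side string substitution, not a server-side prepared
 *   statement. The only barrier against SQL injection is whatever
 *   $this->secure() does to each value (presumably escaping and quoting;
 *   confirm against its implementation).
 * - Every "?" is treated as a placeholder, including one that sits inside a
 *   quoted literal or a comment in $sql. Keep literal question marks out of
 *   the query text and pass them as parameters instead.
 * - $sql itself is never escaped, so it must be a trusted template and must
 *   not be assembled from request data.
 *
 * @param string $sql    query template containing "?" placeholders
 * @param array  $params values indexed 0..n-1 in placeholder order
 *
 * @return string the query with placeholders filled in; $sql is returned
 *                unchanged when it has no "?" or when $params is empty
 */
private function _parseQueryParams($sql, array $params)
{
    // is there anything to parse?
    if (strpos($sql, '?') === false || count($params) === 0) {
        return $sql;
    }

    // Split once and rebuild in a single pass. Secured values are appended to
    // the output and never rescanned, so nothing inside a bound value can be
    // mistaken for a placeholder, and no temporary marker token is needed.
    $segments = explode('?', $sql);
    $parsed = array_shift($segments); // array_shift() re-indexes the rest from 0

    foreach ($segments as $k => $segment) {
        if (array_key_exists($k, $params)) {
            $parsed .= $this->secure($params[$k]);
        } else {
            // More placeholders than values: keep the "?" instead of reading
            // an undefined index and binding an invented NULL, so the mismatch
            // stays visible in the resulting statement.
            $parsed .= '?';
        }

        $parsed .= $segment;
    }

    return $parsed;
}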