function esql_update($table, $update_array, $where_obj = null)
{
$table = mysql_real_escape_string($table);
$update_array = escape_values($update_array);
$set_list = array();
foreach ($update_array as $field => $value) {
array_push($set_list, "`{$field}` = '{$value}'");
}
$set_str = join($set_list, ', ');
$where_str = esql_build_where($where_obj);
$sql_string = "update `{$table}` set {$set_str} {$where_str}";
return esql_query($sql_string);
}
function escape_values($array)
{
if (is_array($array)) {
foreach ($array as &$array_value) {
if (is_array($array_value)) {
$array_value = escape_values($array_value);
} else {
if (strstr($array_value, "\\'") || strstr($array_value, '\\"') || strstr($array_value, "\\\\")) {
$array_value = strip_tags(addslashes(stripslashes($array_value)));
} else {
$array_value = strip_tags(addslashes($array_value));
}
}
}
} else {
if (strstr($array, "\\'") || strstr($array, '\\"') || strstr($array, "\\\\")) {
$array = strip_tags(addslashes(stripslashes($array)));
} else {
$array = strip_tags(addslashes($array));
}
}
return $array;
}
