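/**
 * Prepare and execute an SQL statement and return every result row.
 *
 * Values reach the statement only through bindValue(); the SQL text itself
 * is handed to prepare() unchanged and is not escaped here, so caller-supplied
 * values belong in $bindings rather than in the SQL string.
 *
 * @param  object       $db       Connection exposing prepare(). The handler
 *                                below catches PDOException, so this is
 *                                presumably a PDO instance - confirm against
 *                                the caller.
 * @param  array|string $bindings Binding descriptors, each an array with
 *                                'key', 'val' and 'type' entries, or the SQL
 *                                query string itself when no bindings are
 *                                required.
 * @param  string|null  $sql      SQL query to execute. When null, $bindings
 *                                is used as the SQL text.
 * @return array Result from the query (all rows, as given by fetchAll())
 */
static function sql_exec($db, $bindings, $sql = null)
{
    // Argument shifting: the two-argument form passes the SQL as $bindings.
    if ($sql === null) {
        $sql = $bindings;
    }

    try {
        // prepare() is inside the try so that a statement rejected at
        // prepare time is reported the same way as an execute() failure.
        $stmt = $db->prepare($sql);

        // Bind parameters. foreach does not assume the descriptors are
        // stored under consecutive integer keys starting at 0.
        if (is_array($bindings)) {
            foreach ($bindings as $binding) {
                $stmt->bindValue($binding['key'], $binding['val'], $binding['type']);
            }
        }

        $stmt->execute();

        return $stmt->fetchAll();
    } catch (PDOException $e) {
        // NOTE(review): the driver's message is forwarded verbatim to
        // SSP::fatal(). If that output is sent to the client it can expose
        // table and column names - confirm where fatal() writes.
        SSP::fatal("An SQL error occurred: " . $e->getMessage());
    }

    // Reached only if SSP::fatal() returns; whether it does is not visible
    // from this method. Keeps the documented array return type.
    return array();
}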
/**
 * Run a query through the connection's Execute() method and return all rows.
 *
 * When bindings are supplied they are passed to Execute() as its second
 * argument; the SQL text itself is forwarded unchanged and is not escaped
 * here.
 *
 * @param  object       $conn     Connection object exposing Execute().
 * @param  array|string $bindings Values passed to Execute() alongside $sql,
 *                                or the SQL query string itself when no
 *                                bindings are required.
 * @param  string|null  $sql      SQL query to execute. When null, $bindings
 *                                is executed as the SQL text.
 * @return array Result from the query (all rows, as given by getArray()).
 *               Nothing is returned explicitly on the error path.
 */
static function sql_exec($conn, $bindings, $sql = null)
{
    try {
        // Two-argument form: $bindings carries the SQL and nothing is bound.
        $rs = ($sql === null)
            ? $conn->Execute($bindings)
            : $conn->Execute($sql, $bindings);

        // NOTE(review): $rs is used without a check. If Execute() can
        // signal failure by returning a non-object instead of throwing,
        // the resulting error would not be an Exception and would bypass
        // the handler below - confirm the connection's error mode.
        return $rs->getArray();
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is forwarded to
        // SSP::fatal(). If that output is sent to the client it can expose
        // table and column names - confirm where fatal() writes.
        SSP::fatal("An SQL error occurred: " . $e->getMessage());
    }
}