/**
* _parseQueryParams
*
* @param string $sql
* @param array $params
*
* @return string
*/
private function _parseQueryParams($sql, array $params)
{
// is there anything to parse?
if (strpos($sql, '?') === false) {
return $sql;
}
if (count($params) > 0) {
$parseKey = md5(uniqid(mt_rand(), true));
$sql = str_replace('?', $parseKey, $sql);
$k = 0;
while (strpos($sql, $parseKey) !== false) {
$value = $this->secure($params[$k]);
$sql = UTF8::str_replace_first($parseKey, $value, $sql);
$k++;
}
}
return $sql;
}
