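/**
 * Build a complete SQL string by substituting prepared parameter values into a template.
 *
 * This emulates parameter binding with text substitution: the values returned by
 * dbPrepareData() are concatenated into the statement as-is. Any protection against
 * SQL injection therefore rests on dbPrepareData() quoting and escaping every value
 * (not visible here - confirm against its definition). Driver-level prepared
 * statements avoid that dependency.
 *
 * The template is not parsed as SQL, so a '?' or ':name' inside a quoted literal is
 * still treated as a placeholder candidate.
 *
 * @param string $sql        SQL template containing '?' and/or ':name' placeholders.
 * @param array  $parameters Values to substitute; numeric keys fill '?' in order,
 *                           any other key 'k' fills the placeholder ':k'.
 *
 * @return string The SQL with placeholders substituted.
 */
function dbMakeQuery($sql, $parameters)
{
    // bypass extra logic if we have no parameters
    if (count($parameters) === 0) {
        return $sql;
    }

    $parameters = dbPrepareData($parameters);

    // separate the two types of parameters for easier handling
    $questionParams = array();
    $namedParams = array();
    foreach ($parameters as $key => $value) {
        if (is_numeric($key)) {
            $questionParams[] = $value;
        } else {
            $namedParams[':' . $key] = $value;
        }
    }

    // Split on question-mark and named placeholders. PREG_SPLIT_NO_EMPTY is deliberately
    // not used: dropping empty pieces shifts the text/placeholder alternation whenever the
    // template starts with a placeholder or has two placeholders back to back.
    $result = preg_split('/(\\?|:[a-zA-Z0-9_-]+)/', $sql, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($result === false) {
        // Hand back the template untouched rather than emit a partially substituted statement.
        return $sql;
    }

    // Even offsets are literal SQL text, odd offsets are the captured placeholders.
    // Each placeholder is resolved once against the template only, so substituted
    // values are never scanned again for further placeholders.
    $query = '';
    foreach ($result as $index => $piece) {
        if ($index % 2 === 0) {
            $query .= $piece;
            continue;
        }

        if ($piece === '?') {
            // Keep the marker when no positional value is left instead of silently
            // dropping it from the statement.
            $query .= count($questionParams) > 0 ? array_shift($questionParams) : $piece;
        } elseif (array_key_exists($piece, $namedParams)) {
            $query .= $namedParams[$piece];
        } else {
            // Looks like a named placeholder but no such parameter was supplied
            // (e.g. the ':30' in a '12:30:00' time literal): keep the text verbatim.
            $query .= $piece;
        }
    }

    return $query;
}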
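/**
 * Build a complete SQL string by substituting prepared parameter values into a template.
 *
 * This emulates parameter binding with text substitution: the values returned by
 * dbPrepareData() are concatenated into the statement as-is. Any protection against
 * SQL injection therefore rests on dbPrepareData() quoting and escaping every value
 * (not visible here - confirm against its definition). Driver-level prepared
 * statements avoid that dependency.
 *
 * The template is not parsed as SQL, so a '?' or ':name' inside a quoted literal is
 * still treated as a placeholder.
 *
 * @param string $sql        SQL template containing '?' and/or ':name' placeholders.
 * @param array  $parameters Values to substitute; numeric keys fill '?' in order,
 *                           any other key 'k' fills the placeholder ':k'.
 *
 * @return string The SQL with placeholders substituted.
 */
function dbMakeQuery($sql, $parameters)
{
    // bypass extra logic if we have no parameters
    if (count($parameters) === 0) {
        return $sql;
    }

    $parameters = dbPrepareData($parameters);

    // separate positional values from named ones
    $positional = array();
    $named = array();
    foreach ($parameters as $key => $value) {
        if (is_numeric($key)) {
            $positional[] = $value;
        } else {
            $named[':' . $key] = $value;
        }
    }

    $segments = explode('?', $sql);

    // Resolve named placeholders in the template fragments only, before any value is
    // spliced in. Running the replacement over the assembled query would also rewrite
    // ':name' text that occurs inside an already substituted value, which can break
    // that value out of its quoting. strtr() works in a single pass and prefers the
    // longest key, so ':ab' is not clobbered by ':a' and replaced text is not rescanned.
    if (count($named) > 0) {
        foreach ($segments as $index => $segment) {
            $segments[$index] = strtr($segment, $named);
        }
    }

    // Stitch the fragments back together, filling each '?' in order. A '?' with no
    // remaining positional value is kept so the rest of the statement is not cut off;
    // positional values beyond the last '?' are not appended to the query.
    $query = array_shift($segments);
    foreach ($segments as $segment) {
        $query .= (count($positional) > 0 ? array_shift($positional) : '?') . $segment;
    }

    return $query;
}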