Real escape, using mysqli_real_escape_string() or mysql_real_escape_string(). This escapes the characters that would break out of a quoted SQL string literal (quotes, backslashes, NUL, line breaks); it does not escape the LIKE wildcards `%` and `_`, and it does nothing for identifiers or keyword positions (column names, ORDER BY, LIMIT), which must be validated against an allow-list instead.
public _real_escape ( string $string ) : string | ||
$string | string | to escape |
Returns | string | escaped |
/**
 * Constructor.
 *
 * Keeps the wpdb handle and the table map, and stores $from and
 * $replacement already run through wpdb::_real_escape().
 * NOTE(review): because both values are escaped here, feeding them to
 * prepare()/esc_sql() again at the call sites would double-escape them —
 * confirm how the stored values are used.
 *
 * @param array  $tables      Table names as keys, columns as value arrays.
 * @param string $from        String to find; stored escaped.
 * @param string $replacement Replacement string; stored escaped.
 * @param wpdb   $wpdb        Database handle; used here to escape $from and $replacement.
 */
public function __construct(array $tables, $from, $replacement, wpdb $wpdb)
{
    $this->wpdb = $wpdb;
    $this->tables = $tables;
    $this->from = $this->wpdb->_real_escape($from);
    $this->replacement = $this->wpdb->_real_escape($replacement);
}
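/**
 * Prefix search over every text-like column of this table.
 *
 * SHOW COLUMNS is queried and every column whose type contains "text" or
 * "varchar" gets a `column LIKE 'word%'` condition; the conditions are
 * OR-ed together. If the table has no such column, no WHERE clause is
 * emitted and every row is returned (behaviour kept from the original).
 *
 * Only $word may come from untrusted input: it is LIKE-escaped and then
 * passed through wpdb::_real_escape(). $orderby, $order and $limit are
 * reduced to a known column list, ASC|DESC and a plain LIMIT clause, each
 * collapsing to its default when the value does not fit, so free text never
 * reaches the SQL. $select is concatenated verbatim and MUST be a
 * caller-controlled constant, never request data.
 *
 * @param string      $word    Prefix to match; `%`, `_` and `\` are matched literally.
 * @param string|null $orderby Comma-separated list of `column [ASC|DESC]`; every column
 *                             must exist in this table, otherwise the primary key is used.
 * @param string      $order   'ASC' or 'DESC' (case-insensitive); anything else is 'DESC'.
 * @param string      $limit   '' or `LIMIT n`, `LIMIT n, m`, `LIMIT n OFFSET m`;
 *                             anything else is dropped.
 * @param string      $select  Select list, trusted and used verbatim.
 * @return static[] One instance of the concrete class per matching row.
 */
public function search($word, $orderby = NULL, $order = 'DESC', $limit = '', $select = '*')
{
    // LIKE-escape first (what wpdb::esc_like() does), then SQL-escape. The
    // backslash added here is doubled by _real_escape(), so MySQL sees `\%`
    // inside the string literal and treats the wildcard as a plain character.
    $word = $this->_wpdb->_real_escape(addcslashes((string) $word, '_%\\'));

    $table = $this->_table();
    $query = 'SELECT ' . $select . ' FROM ' . $table;

    // One pass over the schema: collect every column name (used to validate
    // $orderby) and a LIKE condition for each text-like column. The (array)
    // cast keeps a failed get_results() (NULL) from warning in foreach.
    $columns = array();
    $conditions = array();
    foreach ((array) $this->_wpdb->get_results('SHOW COLUMNS FROM ' . $table) as $fieldParam) {
        $columns[] = $fieldParam->Field;
        if (stripos($fieldParam->Type, 'text') === FALSE && stripos($fieldParam->Type, 'varchar') === FALSE) {
            continue;
        }
        $conditions[] = $fieldParam->Field . " LIKE '" . $word . "%'";
    }
    $where = $conditions ? ' WHERE ' . implode(' OR ', $conditions) : '';

    // Never let free text reach ORDER BY / LIMIT: anything unrecognised
    // collapses to the parameter's default instead of being concatenated.
    $orderby = $this->_safeOrderBy($orderby, $columns);
    $order = strtoupper(trim((string) $order)) === 'ASC' ? 'ASC' : 'DESC';
    $limit = trim((string) $limit);
    if ($limit !== '' && !preg_match('/^LIMIT\s+\d+(?:\s*,\s*\d+|\s+OFFSET\s+\d+)?$/i', $limit)) {
        $limit = '';
    }

    $sql = $query . $where . ' ORDER BY ' . $orderby . ' ' . $order . ' ' . $limit;
    $className = get_class($this); // hoisted: identical for every row
    $result = array();
    foreach ((array) $this->_wpdb->get_results($sql, 'ARRAY_A') as $objectData) {
        $result[] = new $className($objectData);
    }
    return $result;
}

/**
 * Reduce an ORDER BY fragment to something safe to concatenate.
 *
 * Accepts a comma-separated list of `column` or `column ASC|DESC` where every
 * column is one of $columns (the names reported by SHOW COLUMNS); returns it
 * normalised, or the primary key when $orderby is empty or does not fit.
 *
 * @param string|null $orderby Caller-supplied ORDER BY fragment.
 * @param string[]    $columns Column names of this table.
 * @return string
 */
private function _safeOrderBy($orderby, array $columns)
{
    $orderby = trim((string) $orderby);
    if ($orderby === '') {
        return $this->_pk;
    }
    $parts = array();
    foreach (explode(',', $orderby) as $piece) {
        if (!preg_match('/^\s*([A-Za-z0-9_]+)(?:\s+(ASC|DESC))?\s*$/i', $piece, $m)) {
            return $this->_pk;
        }
        if (!in_array($m[1], $columns, TRUE)) {
            return $this->_pk;
        }
        $parts[] = isset($m[2]) ? $m[1] . ' ' . strtoupper($m[2]) : $m[1];
    }
    return implode(', ', $parts);
}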