├── examples └── examples.php ├── README.md └── pdo.php /examples/examples.php: -------------------------------------------------------------------------------- 1 | $_POST['name'], 6 | 'setting_value' => $_POST['value'], 7 | 'setting_explanation' => $_POST['desc'], ); 8 | 9 | insert('settings')->values($values); 10 | 11 | /** @example Update 12 | * 13 | */ 14 | update('calendars_events')->values(array('user_id' => $_SESSION['user_id'], 15 | 'title' => $_POST['title'], 16 | 'text' => $_POST['text'], 17 | 'start' => $_POST['start'], 18 | 'end' => $_POST['end'], 19 | 'allday' => $_POST['allday'], 20 | 'url' => $_POST['url'], 21 | 'color' => '#'.$_POST['color'], 22 | 'textColor' => '#'.$_POST['textColor'], ))->where('calendar_event_id = 1'); 23 | 24 | /** @example Delete 25 | * 26 | */ 27 | delete('contents_similars')->where('content_id = 1')->run(); 28 | 29 | /** @example Select 30 | * 31 | */ 32 | select('settings')->where('setting_group = 1')->order('setting_id ASC')->results(); 33 | 34 | /** @example Select 35 | * 36 | */ 37 | select('dynamic_tables')->where('dynamic_table_name = "settings"')->limit(1)->result('dynamic_table_rules'); 38 | 39 | /** @example Select with left join 40 | * 41 | */ 42 | select('contents')->left('langs ON langs.lang_id = contents.lang_id')->results(); 43 | 44 | /** @example Select with left join and using 45 | * 46 | */ 47 | select('contents')->left('langs')->using('lang_id')->results(); 48 | 49 | 50 | /** @example 51 | * 52 | */ 53 | find('contents', 2); -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

Query builder for PDO with memcache support

2 |
3 | It’s developed as a fluent interface. You can easily access the database just by using the select functions anywhere you want.
4 |
5 | Build query:
6 | select('users')->where('user_id = "'. $user_id .'" ')->limit(1);
7 |
8 | Run query:
9 | select('users')->where('user_id = "'. $user_id .'" ')->limit(1)->run();
10 |
11 | Fetch result:
12 | select('users')->where('user_id = "'. $user_id .'" ')->limit(1)->result();
13 |
14 | Note: where() adds its argument to the SQL text exactly as given, so $user_id in these examples has to be a validated integer or an already escaped string before it is concatenated.
15 | Easy to read & write, isn’t it? You can use the helper functions insert(), replace(), update(), delete() and select() everywhere, including inside functions, without calling global $pdo. For other features please call the global $pdo variable.
16 |
17 | Let’s look at it more closely with examples…
18 | For the examples I will use 'users' as the table name of users, and 'langs' as the table name of available languages
19 |
20 | find('users', 1)
21 | Returns just one row of the selected table, matched on the first column
22 |
23 | select('users')
24 | Returns the rows of the selected table
25 | It means “select * from”; to change the *, use ->which() after select()
26 |
27 | left('langs ON langs.lang_id = users.lang_id')
28 | LEFT JOIN statement for select, usage is;
29 | select('users')->left('langs ON langs.lang_id = users.lang_id')->results();
30 |
31 | insert('users')->values(array)
32 | insert('users')->values(array('user_name'=>'Jon Snow'));
33 |
34 | replace('users')->values(array)
35 | replace('users')->values(array('user_name'=>'Jon Snow'));
36 |
37 | update('users')->values(array)
38 | update('users')->values(array('user_name'=>'Jon Snow'))->where('user_id = 1');
39 |
40 | where()
41 | select('users')->where('user_id = 1')->result();
42 |
43 | * which()
44 | I know the name which() is a little bit odd, but it’s simple: it replaces the * of a select query, like;
45 | select('users')->which('user_name, users.lang_id AS lang_id')
46 |
47 | group()
48 | select('users')->group('lang_id');
49 |
50 | have()
51 | select('users')->have('lang_id');
52 |
53 | order()
54 | ->order('user_id ASC');
55 | 56 | limit() 57 | ->limit(10); 58 | 59 | offset() 60 | ->offset(10); 61 | 62 | column() – final function 63 | column(‘users’) 64 | 65 | write() – final function 66 | shows query 67 | 68 | * run() – final function 69 | ->run(); 70 | 71 | * result() – final function 72 | ->result(); 73 | 74 | * results() – final function 75 | ->results(); 76 | 77 | results_pairs() – final function (Beta) 78 | Gather results as pair, is very useful when working with lists 79 | ->results_pairs(); 80 | 81 | PS: 82 | You can send arrays as parameters to insert or update a column, query builder will automatically detect and change it into json 83 | -------------------------------------------------------------------------------- /pdo.php: -------------------------------------------------------------------------------- 1 | 7 | * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 8 | * @link http://guncebektas.com 9 | * @link http://github.com/guncebektas/lenkorm 10 | * 11 | * ->write : will show you the query string 12 | * ->run : will run the query 13 | * ->result : will return the result of selected result (only one row) 14 | * ->results : will return the results of query (multi row) 15 | * 16 | * otherwise you will only create query string! 17 | * 18 | * insert_id, find, columns, insert methods will be exacuted directly 19 | * 20 | * Examples: 21 | * 22 | * 1. THIS WILL SELECT ALL ROWS IN SLIDES TABLE 23 | select('slides')->results(); 24 | 25 | * 26 | * 27 | * 2. INSERT ARRAY INTO SLIDES TABLE 28 | 29 | insert('slides')->values(array('slide_img'=>$_POST['slide_img'], 30 | 'slide_title'=>$_POST['slide_title'], 31 | 'slide_text'=>$_POST['slide_text'], 32 | 'slide_href'=>$_POST['slide_href'])); 33 | 34 | * 35 | * 36 | * 3. 
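UPDATE SLIDES TABLE

    update('slides')->values(array('slide_img'=>$_POST['slide_img'],
                                   'slide_title'=>$_POST['slide_title'],
                                   'slide_text'=>$_POST['slide_text'],
                                   'slide_href'=>$_POST['slide_href']))->where('slide_id = 1');

 *
 * PS 1: you can pass an array such as $_POST straight to values() when its keys match the
 *       column names. The values are bound as statement parameters; the keys are written into
 *       the SQL text as column names, so values() rejects any key that is not made of letters,
 *       digits and underscores. Passing the whole of $_POST still lets the client choose which
 *       columns are written, so pick the expected keys out of it first.
 *
 * PS 2: where() and have() append their argument to the SQL text unchanged. Cast numeric input,
 *       or quote strings with PDO::quote(), before concatenating them:
 *       ->where('slide_id = '.(int) $_GET['slide_id']);
 *       ->where('slide_title = '.$pdo->quote($_GET['slide_title']));
 *       The security() helper filters markup-related patterns; the part of it shown in this
 *       listing does not escape quotes, so it is not a substitute for the two forms above.
 */

/**
 * Settings to connect database
 *
 * NOTE(review): real credentials belong in configuration outside the source tree.
 */
$db = array(
    'server' => 'localhost',
    'db_name' => '',
    'type' => 'mysql',
    'user' => '',
    'pass' => '',
    'charset' => 'charset=utf8',
);

$pdo = new _pdo($db);

class _pdo extends PDO
{
    /** Query string built up by the fluent methods
     *
     * @access public
     * @var string
     */
    public $query;

    /** Type of query such as insert or update, important to determine when the query will run.
     * Reset to null by every method that starts a statement of another kind.
     *
     * @access private
     * @var string|null
     */
    private $type;

    /** Values for update and insert statements
     *
     * @access private
     * @var array
     */
    private $values;

    /** Caching with memcache
     *
     * @access public
     * @var bool
     */
    public $memcache = false;
    public $cache_time = 600;

    /** Opens the connection and sets the connection attributes
     *
     * @param array $db connection settings: type, server, db_name, charset, user, pass
     * @throws PDOException when the connection cannot be opened
     */
    public function __construct($db)
    {
        // The original file carried a commented-out try/catch here that printed the exception
        // message, file and line. Connection errors are left to propagate as PDOException so
        // the caller decides what is logged and what is shown.

        /* Connect to database */
        parent::__construct($db['type'].':host='.$db['server'].';dbname='.$db['db_name'].';'.$db['charset'], $db['user'], $db['pass'], array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
        /* Extend PDO statement class*/
        $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('_pdo_statement'));
        /* Disable emulated prepared statements */
        $this->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        /* Set default fetch mode*/
        $this->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        /* Include UPDATED QUERIES in to rowcount() function */
        //$this->setAttribute(PDO::MYSQL_ATTR_FOUND_ROWS, true);
        /* Error mode is exception */
        $this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /** Starts a new statement and drops the state left over from the previous one.
     *
     * Without the reset, a select()/delete() issued after an update() would still carry
     * type 'update', and where() would try to execute it with the old values.
     *
     * @param string|null $type 'insert', 'update' or null
     * @param string $sql opening part of the statement
     * @return _pdo
     */
    private function start_query($type, $sql)
    {
        $this->type = $type;
        $this->values = array();
        $this->query = $sql;

        return $this;
    }

    /** Converts array values to JSON and returns the values as a positional list
     *
     * @param array $values
     * @return array
     */
    private function encode_values($values)
    {
        $encoded = array();
        foreach ((array) $values as $value) {
            $encoded[] = is_array($value) ? json_encode($value) : $value;
        }

        return $encoded;
    }

    /** Returns the last inserted id
     *
     * @example last_id();
     * @return string
     */
    public function insert_id()
    {
        return $this->lastInsertId();
    }

    /** Returns the selected row from selected table with
     * the match of first column
     *
     * @example find('coupons', 5);
     * @param string $table name of the table in the database
     * @param int $id unique id of table which is in the first column of table
     * @return array
     */
    public function find($table, $id)
    {
        $columns = $this->column(security($table));

        // The id is a value, so it goes through PDO::quote() rather than into the SQL text as-is.
        return $this->select(security($table))
            ->where($columns['Field'].' = '.$this->quote((string) $id))
            ->limit(1)
            ->result();
    }

    /** Selects the table
     *
     * The table name is written into the SQL text; it must come from the application,
     * never from request data.
     *
     * @example select('coupons')->where('coupon_id = 5')->result();
     *
     * @param string $table name of the table in the database
     * @return _pdo
     */
    public function select($table)
    {
        return $this->start_query(null, 'SELECT * FROM '.security($table).' ');
    }

    /** LEFT JOIN function
     *
     * @example select('contents')->left('categories ON categories.category_id = contents.category_id')->where('author_id = 2')->results();
     *
     * @param string $condition clause for left join
     * @return _pdo
     */
    public function left($condition)
    {
        $this->query .= 'LEFT JOIN '.security($condition).' ';

        return $this;
    }

    /** USING clause
     *
     * @example select('contents')->left('categories')->using('category_id')->where('content_id = 2')->result();
     *
     * @param string $column column name for using clause
     * @return _pdo
     */
    public function using($column)
    {
        $this->query .= ' USING ('.security($column).')';

        return $this;
    }

    /** Insert and Update methods are determining private variable type and these two methods are working with values method
     *
     * Insert prepares the statement and runs it with the given variables
     * Update prepares the statement but the where method runs it because of the syntax
     *
     * @example insert('coupons')->values(array[]);
     *
     * @param string $table table name
     * @return _pdo
     */
    public function insert($table)
    {
        return $this->start_query('insert', 'INSERT INTO '.security($table).' ');
    }

    /** Same as insert() but builds a REPLACE INTO statement
     *
     * @param string $table table name
     * @return _pdo
     */
    public function replace($table)
    {
        return $this->start_query('insert', 'REPLACE INTO '.security($table).' ');
    }

    /** Starts an UPDATE statement; it is executed by where()
     *
     * @param string $table table name
     * @return _pdo
     */
    public function update($table)
    {
        return $this->start_query('update', 'UPDATE '.security($table).' SET ');
    }

    /** Delete from table, if key is not empty method will delete row by the first column match
     *
     * Without an id nothing is executed: the builder is returned and the caller adds where()
     * and run(). Because the test is empty(), an id of 0 or '0' also takes that path.
     *
     * @example delete('coupons')->where('coupon_id = 5');
     *
     * @param string $table table name
     * @param int $id unique id to match with the first column of table
     * @return _pdo|null the builder when no id is given, nothing after deleting by id
     */
    public function delete($table, $id = '')
    {
        if (empty($id)) {
            return $this->start_query(null, 'DELETE FROM '.security($table).' ');
        }

        // Key is not empty, so delete by first column match
        $columns = $this->column($table);
        $this->delete($table)
            ->where(security($columns['Field']).' = '.$this->quote((string) $id))
            ->limit(1)
            ->run();
    }

    /** Alter table
     *
     * @param string $table table name
     * @return _pdo
     */
    public function alter($table)
    {
        return $this->start_query(null, 'ALTER TABLE '.security($table).' ');
    }

    /** Rename table, runs the query immediately
     *
     * @example alter('slides')->rename_to('carousel');
     *
     * @param string $new_name table name
     */
    public function rename_to($new_name)
    {
        // The original read $column and $datatype here, neither of which exists in this method.
        $this->query .= 'RENAME TO '.security($new_name);

        $this->query($this->query);
    }

    /** Add column into table, runs the query immediately
     *
     * @example alter('slides')->add_column('slide_index', 'INT');
     *
     * @param string $column column name
     * @param string $datatype data type
     */
    public function add_column($column, $datatype)
    {
        // The original emitted MODIFY COLUMN, which changes an existing column instead of adding one.
        $this->query .= 'ADD COLUMN '.security($column).' '.security($datatype);

        $this->query($this->query);
    }

    /** Drop column from table, runs the query immediately
     *
     * @example alter('slides')->drop_column('slides');
     *
     * @param string $column column name
     */
    public function drop_column($column)
    {
        $this->query .= 'DROP COLUMN '.security($column);

        $this->query($this->query);
    }

    /** Add index into table, runs the query immediately
     *
     * @example alter('slides')->add_index('slide_index','slide_id');
     *
     * @param string $name index name
     * @param string $column column name
     */
    public function add_index($name, $column)
    {
        $this->query .= 'ADD INDEX '.security($name).' ('.security($column).')';

        $this->query($this->query);
    }

    /** Increase a value
     *
     * @example update('coupons')->increase('coupon_amount')->where('coupon_id = 2');
     *
     * @param string $column column name of table
     * @param int optional $value amount to increase
     * @return _pdo
     */
    public function increase($column, $value = 1)
    {
        $column = security($column);
        $this->query .= $column.' = '.$column.' + '.(int) $value.' ';

        return $this;
    }

    /** Decrease a value
     *
     * @example update('coupons')->decrease('coupon_amount', 4)->where('coupon_id = 2');
     *
     * @param string $column column name of table
     * @param int optional $value amount to decrease
     * @return _pdo
     */
    public function decrease($column, $value = 1)
    {
        $column = security($column);
        $this->query .= $column.' = '.$column.' - '.(int) $value.' ';

        return $this;
    }

    /** Values method prepares the query for insert and update methods
     * It also runs the query for insert queries, update queries will run after where clause is completed
     *
     * Values are bound as parameters. Keys are written into the SQL text twice, as the column
     * name and as the :placeholder name, so they are checked first.
     *
     * @example insert('coupons')->values(array[]);
     *
     * @param array $values the array to insert or update, column name => value
     * @return _pdo|null the builder for update statements, nothing for insert statements
     * @throws InvalidArgumentException when a key is not made of letters, digits and underscores
     */
    public function values($values)
    {
        $this->values = $values;

        $keys = array_keys($values);

        // A named placeholder can only consist of these characters, so every key that worked
        // before still passes; anything else would have been SQL text supplied by the caller.
        foreach ($keys as $key) {
            if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $key)) {
                throw new InvalidArgumentException('values(): array keys must be plain column names');
            }
        }

        /* INSERT INTO books (title,author) VALUES (:title,:author); */
        if ($this->type == 'insert') {
            $row = '('.implode(', ', $keys).') VALUES (:'.implode(', :', $keys).')';

            $this->query .= security($row);
            $query = $this->prepare($this->query);

            // If a value is an array it is stored as JSON
            $query->execute($this->encode_values($values));
        }
        /* UPDATE books SET title=:title, author=:author */
        elseif ($this->type == 'update') {
            $pairs = array();
            foreach ($keys as $key) {
                $pairs[] = security($key).' = :'.security($key).' ';
            }
            $this->query .= implode(', ', $pairs);

            return $this;
        }
    }

    /** Where condition
     *
     * The condition is appended to the SQL text unchanged. Build it from constants, integer
     * casts and PDO::quote() output only.
     *
     * @param string $condition condition to append to select, update, delete etc...
     * @return _pdo if the statement was started with update() it is also executed here
     */
    public function where($condition)
    {
        $this->query .= ' WHERE '.$condition;

        if ($this->type == 'update') {
            $query = $this->prepare($this->query);

            // If a value is an array it is stored as JSON
            $query->execute($this->encode_values($this->values));
        }

        return $this;
    }

    /** Which columns, condition will replace with *
     *
     * @param string $condition clause to replace with *
     * @return _pdo
     */
    public function which($condition)
    {
        $this->query = str_replace('*', security($condition), $this->query);

        return $this;
    }

    /** Group condition
     *
     * @param string $condition group by clause
     * @return _pdo
     */
    public function group($condition)
    {
        $this->query .= ' GROUP BY '.security($condition);

        return $this;
    }

    /** Having condition
     *
     * Like where(), the condition is appended to the SQL text unchanged.
     *
     * @param string $condition having clause
     * @return _pdo
     */
    public function have($condition)
    {
        $this->query .= ' HAVING '.$condition;

        return $this;
    }

    /** Order condition
     *
     * @param string $condition order by clause
     * @return _pdo
     */
    public function order($condition)
    {
        $this->query .= ' ORDER BY '.security($condition);

        return $this;
    }

    /** Limit condition
     *
     * @example select('contents')->where('author_id = 2')->order('content_time DESC')->limit(100);
     *
     * @param int $limit
     * @return _pdo
     */
    public function limit($limit = 3000)
    {
        $this->query .= ' LIMIT '. security($limit).' ';

        return $this;
    }

    /** Offset condition
     *
     * @param int $offset
     * @return _pdo
     */
    public function offset($offset = 3000)
    {
        $this->query .= ' OFFSET '. security($offset).' ';

        return $this;
    }

    /** Return the first row of SHOW COLUMNS for the table, i.e. the description of its first column
     *
     * @example column('coupons')
     *
     * @param string $table
     * @return array
     */
    public function column($table)
    {
        $query = $this->query('SHOW COLUMNS FROM '.security($table));

        return $query->fetch();
    }

    /** Writes query string to screen, does not work with methods which return a data set, such as find, column etc...
     *
     * @example select('coupons')->where('coupon_id = 5')->write();
     */
    final public function write()
    {
        echo $this->query;
    }

    /** Runs the query
     *
     * @param bool $return will return query, no need to change it
     * @return _pdo_statement|null the statement when $return is true
     */
    final public function run($return = false)
    {
        if ($return) {
            return $this->query($this->query);
        }

        $this->query($this->query);
    }

    /** Run and get the value of query
     *
     * @example select('coupons')->where('coupon_id = 5')->result();
     * @example select('coupons')->where('coupon_id = 5')->result('coupon_name');
     *
     * @param string optional $key
     * @return mixed the row when $key is empty, else the value of that column
     */
    final public function result($key = '')
    {
        if (!$this->memcache) {
            $row = $this->run(true)->fetch();
        } else {
            $memcache = new Memcache();
            $memcache->connect('127.0.0.1', 11211) or die('MemCached connection error!');

            // results() stores whole result sets under 'query-' plus the same hash, so single
            // rows get their own prefix. The original returned before it reached set(), so
            // this branch never cached anything, and a hit ignored $key.
            $cache_key = 'query-row-'.md5($this->query);
            $row = $memcache->get($cache_key);

            if (!isset($row) || $row === false) {
                $row = $this->run(true)->fetch();

                if ($row !== false) {
                    $memcache->set($cache_key, $row, MEMCACHE_COMPRESSED, $this->cache_time);
                }
            }
        }

        if (!$key) {
            return $row;
        }

        return isset($row[$key]) ? $row[$key] : null;
    }

    /** Runs and fetches the result set of the query
     *
     * Cached result sets are keyed by the SQL text only and stored on the local memcached
     * without any access control of their own.
     *
     * @example select('coupons')->where('coupon_id = 5')->results();
     *
     * @param bool $cache pass false to bypass memcache for this call
     * @return array results set
     */
    final public function results($cache = true)
    {
        if (!$this->memcache || $cache == false) {
            return $this->run(true)->fetch_array();
        }

        $memcache = new Memcache();
        $memcache->connect('127.0.0.1', 11211) or die('MemCached connection error!');

        $cache_key = 'query-'.md5($this->query);
        $data = $memcache->get($cache_key);

        if (!isset($data) || $data === false) {
            $data = $this->run(true)->fetch_array();

            $memcache->set($cache_key, $data, MEMCACHE_COMPRESSED, $this->cache_time);
        }

        return $data;
    }

    /** Gather results as pair, is very useful when working with lists
     *
     * @param string $key column whose value becomes the key of each pair
     * @param array|string $values column name or list of column names to keep
     * @return array data set as pairs
     */
    final public function results_pairs($key, $values = '')
    {
        // The default '' used to be handed to foreach as-is; treat it as "no columns".
        $columns = ($values === '' || $values === null) ? array() : (array) $values;

        $res = array();
        foreach ($this->results() as $result) {
            foreach ($columns as $value) {
                $res[$result[$key]][$value] = $result[$value];
            }
        }

        return $res;
    }

    /** Number of rows
     *
     * NOTE(review): this relies on rowCount(), which PDO does not guarantee for SELECT on every driver.
     *
     * @example select('users')->num_rows();
     * @return integer
     */
    final public function num_rows()
    {
        return $this->run(true)->num_rows();
    }
}

/* Extend PDOStatement for some methods */
class _pdo_statement extends PDOStatement
{
    /* Set the rule of fetchAll. Values will be returned as PDO::FETCH_ASSOC in fetch_array and fetch_assoc functions */
    public function fetch_array()
    {
        return $this->fetchAll(PDO::FETCH_ASSOC);
    }

    /* $result is not used; the parameter is kept so existing calls keep working */
    public function fetch_assoc($result)
    {
        return $this->fetchAll(PDO::FETCH_ASSOC);
    }

    /* Return number of rows */
    public function num_rows()
    {
        return $this->rowCount();
    }

    /* Return affected rows */
    public function affected_rows()
    {
        return $this->rowCount();
    }
}

/* Use these functions instead of $pdo->select() usage.
 *
 */

/**
 * @example select('slides')->results();
 *
 * or
 *
 * @example select('slides')->where('slide_id = 2')->limit(1)->result();
 *
 */
function select($table)
{
    global $pdo;

    return $pdo->select($table);
}

/**
 * @example find('slides',3);
 *
 */
function find($table, $id)
{
    global $pdo;

    return $pdo->find($table, $id);
}

/**
 * @example insert('slides')->values(array('slide_img'=>$_POST['slide_img'], 'slide_title'=>$_POST['slide_title'],'slide_text'=>$_POST['slide_text'],'slide_href'=>$_POST['slide_href']));
 *
 */
function insert($table)
{
    global $pdo;

    return $pdo->insert($table);
}

function replace($table)
{
    global $pdo;

    return $pdo->replace($table);
}

/**
 * @example update('slides')->values(array('slide_img'=>$_POST['slide_img'], 'slide_href'=>$_POST['slide_href']))->where('slide_id = 1');
 *
 */
function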
update($table) 713 | { 714 | global $pdo; 715 | 716 | return $pdo->update($table); 717 | } 718 | /** 719 | * @example delete('slides')->where('slide_id = 2'); 720 | * 721 | * or 722 | * 723 | * @example delete('slides',2); 724 | * 725 | */ 726 | function delete($table, $key = '') 727 | { 728 | global $pdo; 729 | 730 | return $pdo->delete($table, $key); 731 | } 732 | /** 733 | * @example alter('slides')->add_index('slide_index', 'slide_id'); 734 | * 735 | */ 736 | function alter($table) 737 | { 738 | global $pdo; 739 | 740 | return $pdo->alter($table); 741 | } 742 | /** 743 | * @example last_id(); 744 | * 745 | */ 746 | function last_id() 747 | { 748 | global $pdo; 749 | 750 | return $pdo->insert_id(); 751 | } 752 | 753 | /** Main security function to check strings 754 | * NOTE(review): as far as this listing shows, the function targets control characters, turns numeric HTML entities back into literal characters (quotes, backslash and semicolon are in the $search set) and breaks up script and event-handler keywords. Nothing visible here escapes SQL string delimiters, so its return value is not safe to concatenate into a query on that basis; bind the value or use PDO::quote() instead. 755 | * @param string $input 756 | * @return string 757 | */ 758 | function security($input) 759 | { 760 | // Clear not allowed chars (as written, the pattern only matches three consecutive characters, one from each range) 761 | $input = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $input); 762 | 763 | // Search for these 764 | $search = 'abcdefghijklmnopqrstuvwxyz'; 765 | $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; 766 | $search .= '1234567890!@#$%^&*()'; 767 | $search .= '~`";:?+/={}[]-_|\'\\'; 768 | 769 | // Replace numeric entity forms of the characters above with the characters themselves 770 | for ($i = 0; $i < strlen($search); $i++) { 771 | $input = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $input); 772 | $input = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $input); 773 | } 774 | 775 | // Remove java, flash etc.. 
776 | $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); 777 | $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); 778 | 779 | // Merge arrays 780 | $ra = array_merge($ra1, $ra2); 781 | 782 | // Remove possible threats which are defined above 783 | $find = true; 784 | while ($find == true) { 785 | $first = $input; 786 | for ($i = 0; $i < sizeof($ra); $i++) { 787 | $action = '/'; 788 | for ($j = 0; $j < strlen($ra[$i]); $j++) { 789 | if ($j > 0) { 790 | $action .= '('; 791 | $action .= '(&#[x|X]0{0,8}([9][a][b]);?)?'; 792 | $action .= '|(�{0,8}([9][10][13]);?)?'; 793 | $action .= ')?'; 794 | } 795 | $action .= $ra[$i][$j]; 796 | } 797 | 798 | $action .= '/i'; 799 | $change = substr($ra[$i], 0, 2).''.substr($ra[$i], 2); 800 
| $input = preg_replace($action, $change, $input); 801 | 802 | if ($first == $input) { 803 | $find = false; 804 | } 805 | } 806 | } 807 | 808 | // Allowed tags 809 | $result = strip_tags($input, '