}
}
-function buildSQLSet($fields, $values=null) {
- $ex = array('NOW()','NULL');
- $sql = 'SET';
+function buildSQLSet($fields, $values=null, $safeFields=false) {
+ $ex = array('NOW()','NULL','/FROM_UNIXTIME\(\d+\)/');
+ $sql = '';
$c = 0;
if (!is_null($values)) {
foreach($fields as $field) {
if ($c++) $sql .= ',';
- $sql .= " `$field`='".mysql_real_escape_string(array_shift($values))."'";
+ $value = array_shift($values);
+ if (is_numeric($value))
+ $sql .= " `$field`=".mysql_real_escape_string($value);
+ else
+ $sql .= " `$field`='".mysql_real_escape_string($value)."'";
}
} else {
foreach($fields as $field=>$value) {
if ($c++) $sql .= ',';
- if (in_array($value,$ex)) {
- $sql .= " `$field`= $value";
- } else {
+ if (in_array($value,$ex) || (is_array($safeFields) && in_array($field,$safeFields))) {
+ $sql .= " `$field`=$value";
+ } elseif (is_numeric($value)) {
+ $sql .= " `$field`=".mysql_real_escape_string($value);
+ } else {
$sql .= " `$field`='".mysql_real_escape_string($value)."'";
}
}
return $sql;
}
-function buildSQLInsert($array, $table=null) {
- $ex = array('NOW()','NULL');
+function buildSQLInsert($array, $table=null, $safeFields=false) {
+ $ex = array('NOW()','NULL','/FROM_UNIXTIME\(\d+\)/');
$sql = '(';
$c = 0;
foreach($array as $field=>$value) {
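Review bot: The new unquoted branch (`is_numeric($value)` in the positional loop and again in the `elseif` of the keyed loop) depends on PHP's definition of a number, which is wider than a plain decimal. is_numeric() accepts leading whitespace and exponent forms such as `1e5`, and on PHP versions before 7.0 also hex strings like `0x1A`, which MySQL reads as a hex literal rather than an integer. mysql_real_escape_string() gives no protection to a value emitted outside quotes, so the type test is the only guard on that path. Consider keeping the quotes (MySQL coerces `'42'` for numeric columns), or, if only non-negative integers are expected, tightening the test to `is_int($value) || ctype_digit((string)$value)`. The same branch is added to buildSQLInsert further down; buildSQLSet's body appears incomplete in the visible lines (the brace closing the outer `else` before `return $sql;` is not shown).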
$sql .= ') VALUES (';
$c = 0;
foreach($array as $field=>$value) {
- $v = mysql_real_escape_string($value);
if ($c++) $sql .= ',';
- if (in_array($v, $ex))
- $sql .= " $v ";
- else
- $sql .= " '$v' ";
+ if (in_array($value, $ex) || (is_array($safeFields) && in_array($field,$safeFields))) {
+ $sql .= " $value ";
+ } else {
+ $value = mysql_real_escape_string($value);
+ if (is_numeric($value)) {
+ $sql .= " $value ";
+ } else {
+ $sql .= " '$value' ";
+ }
+ }
}
$sql .= ')';
return (is_null($table)?$sql:('INSERT INTO `'.$table.'` '.$sql));
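Review bot: The raw branch guarded by `in_array($value, $ex) || (is_array($safeFields) && in_array($field,$safeFields))` concatenates `$value` into the statement with no escaping, and neither half of the condition limits what reaches it in the way the change seems to intend. in_array() compares literally, so the `'/FROM_UNIXTIME\(\d+\)/'` entry never matches a real `FROM_UNIXTIME(123)` value, which falls through and is quoted as a string. If pattern matching is wanted it needs an anchored check such as `preg_match('/^FROM_UNIXTIME\(\d+\)$/', $value)`, with `in_array($value, $ex, true)` for the literal entries. Any field named in `$safeFields` skips escaping entirely, so the function comment should state that those values must be fixed SQL expressions chosen by the caller and never request-derived data. buildSQLSet uses the same condition, and buildSQLInsert's closing brace lies outside the visible lines.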