
improved clean functions.

1 parent 1aa2959 commit e36b1f9dfd4453f6643f56813eac758c962e840d @keverw committed Dec 7, 2012
Showing with 48 additions and 6 deletions.
  1. +19 −2 PastaDB.php
  2. +1 −1 README.md
  3. +28 −3 docs/PastaDB/clean.md
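--- a/PastaDB.php
+++ b/PastaDB.php
@@ -1,7 +1,7 @@
 <?php
 /**
 * @project PastaDB
-* @version 0.8
+* @version 0.9
 * @url https://github.com/keverw/PastaDB
 * @about A powerful yet simple database abstraction layer library
 **/
@@ -80,7 +80,24 @@ public function clean($mixedValue)
 $mixedValue = stripcslashes($mixedValue);
 }
- return addcslashes($this->DBH->real_escape_string($mixedValue), '%'); //escapes using real_escape_string, then escape % (percent) signs
+ return $this->DBH->real_escape_string($mixedValue); //escapes using real_escape_string
+ }
+
+ public function cleanLike($mixedValue)
+ {
+ if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
+ {
+ $mixedValue = stripcslashes($mixedValue);
+ }
+
+ return str_replace(array('%', '_'), array('\\%', '\_'), $mixedValue);
+ }
+
+ public function cleanBoth($mixedValue)
+ {
+ return $this->clean(
+ $this->cleanLike($mixedValue)
+ );
 }
 public function query($string)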
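Review bot: `cleanLike()` escapes `%` and `_` but not the backslash, which is the default `LIKE` escape character in MySQL, so a backslash already present in the input pairs with the backslash this function adds and the wildcard after it is no longer escaped. The backslash should be escaped first, ahead of `%` and `_`. `cleanBoth()` has a second problem when magic quotes are on: `stripcslashes()` runs in `cleanLike()` and again in `clean()` (whose guard sits above the hunk and is presumably the same check), and the second pass strips the backslashes that were just added; the fence below unslashes once, then applies both escapes. The documented two-step use (`cleanLike()` then `clean()`) has the same double-unslash, and `cleanLike()` deserves a docblock stating that its result is not SQL-escaped on its own.

```php
public function cleanLike($mixedValue)
{
    // … unchanged: magic-quotes unslash …

    // Escape the LIKE escape character itself first, then the two wildcards.
    return str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $mixedValue);
}

public function cleanBoth($mixedValue)
{
    // Unslash exactly once; chaining cleanLike() into clean() would unslash twice
    // and strip the backslashes added for the LIKE wildcards.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $mixedValue = stripcslashes($mixedValue);
    }

    $likeEscaped = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $mixedValue);

    return $this->DBH->real_escape_string($likeEscaped);
}
```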
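--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-PastaDB 0.8
+PastaDB 0.9
 =======
 Work with pasta, then we'll make the spaghetti! PastaDB aims to be a powerful yet simple database abstraction layer library.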
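--- a/docs/PastaDB/clean.md
+++ b/docs/PastaDB/clean.md
@@ -3,8 +3,33 @@
 ```
 clean($mixedValue)
 ```
-##Parameters##
+###Parameters###
 ***mixedValue*** - A value to be escaped to help prevent SQL injections.
-##note##
-some functions like `->insert()`, `->replace()`, `->update()` will automatically escape varables, this is great for when using `->query()`
+###note##
+some functions like `->insert()`, `->replace()`, `->update()` will automatically escape varables, this is great for when using `->query()`
+
+
+##cleanLike##
+
+Simuilar to `clean`, run this on strings before running the string into `clean`(or a function that does automatic escaping using `clean`). This is to use for varables that will be used with MySQL `like` statement
+
+```
+cleanLike($mixedValue)
+```
+
+###Parameters###
+***mixedValue*** - A value to be escaped to help prevent SQL injections.
+
+##cleanBoth##
+
+```
+cleanBoth($mixedValue)
+```
+
+###Parameters###
+***mixedValue*** - A value to be escaped on both .
+
+###note###
+
+Runs `cleanLike`, then `clean` on a string in one swoop. Prefect for when you need to run both `cleanLike` and `clean` when doing manual SQL queries.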
