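conn = mysql_connect($this->server, $this->username, $this->password) or die ("could not connect to mysql"); $this->db = mysql_select_db($this->database) or die ("no database"); }
    // NOTE(review): the line above is the tail of a method whose beginning is
    // not visible on this page; it is reproduced unchanged.

    /**
     * Closes the connection when the object is destroyed, if one was opened.
     */
    public function __destruct()
    {
        if ($this->conn) {
            mysql_close($this->conn);
        }
    }

    /**
     * Reports whether a connection handle is set.
     *
     * @return bool true when $this->conn is truthy, false otherwise
     */
    public function isDatabase()
    {
        // The original fell off the end and returned null when there was no
        // connection; callers now always get a boolean.
        return (bool) $this->conn;
    }

    /**
     * Removes script blocks, HTML tags, style blocks and comments from text.
     *
     * Regex-based tag stripping is a best-effort filter, not an XSS defence:
     * values still need context-appropriate encoding (for HTML output,
     * htmlspecialchars) at the point where they are printed.
     *
     * @param string|array $input text to filter
     * @return string|array|null filtered text, as returned by preg_replace
     */
    public function cleanInput($input)
    {
        // NOTE(review): the first, third and fourth patterns are reconstructed
        // from their comments. On this page the markup inside them had been
        // lost, which left patterns that no longer matched what the comments
        // describe. Confirm against the original file.
        $search = array(
            '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
            '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
            '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
            '@<![\s\S]*?--[ \t\n\r]*>@',        // Strip multi-line comments
        );

        return preg_replace($search, '', $input);
    }

    /**
     * Prepares a value, or every value of an array, for use inside a quoted
     * SQL string literal.
     *
     * The escaping only protects data placed between quotes in a statement.
     * It does not make a value safe to use as a table name, column name or
     * sort direction, and array keys are passed through untouched.
     *
     * @param string|array $input raw value or array of raw values
     * @return string|array escaped value(s); arrays keep their keys
     */
    public function cleanQuery($input)
    {
        if (is_array($input)) {
            // Start from an empty array so an empty input returns array()
            // instead of an undefined variable.
            $output = array();
            foreach ($input as $var => $val) {
                // The original called sanitize(), which is not defined in the
                // visible class; recursing through this method applies the
                // same cleaning to each element.
                $output[$var] = $this->cleanQuery($val);
            }

            return $output;
        }

        // get_magic_quotes_gpc() no longer exists on newer PHP versions, so
        // only consult it where the runtime still provides it.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }

        $input = $this->cleanInput($input);

        // Pass the link explicitly so the escaping follows this connection's
        // character set rather than whichever link was opened last.
        return mysql_real_escape_string($input, $this->conn);
    }

    /**
     * Inserts one row built from a column => value map.
     *
     * SECURITY: values are wrapped in quotes but NOT escaped here, and the
     * table and column names are interpolated as-is. Every value must already
     * have gone through cleanQuery(); $table and the array keys must be fixed
     * strings from code, never request data. Escaping inside this method
     * would double-escape values that callers already cleaned.
     *
     * @param string $table         table name (trusted identifier)
     * @param array  $insert_values column name => already-escaped value
     * @return void
     */
    public function insert_array($table, $insert_values)
    {
        $columns = array();
        $quoted = array();
        foreach ($insert_values as $key => $value) {
            $columns[] = $key;
            $quoted[] = '\'' . $value . '\'';
        }

        $sql = 'INSERT INTO ' . $table
            . ' (' . implode(',', $columns) . ')'
            . ' VALUES (' . implode(',', $quoted) . ')';
        $this->sqlordie($sql);
    }

    /**
     * Updates the row(s) whose key column equals $id.
     *
     * SECURITY: same contract as insert_array() - values and $id must already
     * have gone through cleanQuery(); $table, $keyColumnName and the array
     * keys are interpolated unescaped and must not come from request data.
     *
     * @param string $table         table name (trusted identifier)
     * @param string $keyColumnName column used in the WHERE clause (trusted)
     * @param string $id            already-escaped key value
     * @param array  $update_values column name => already-escaped value
     * @return void
     */
    public function update_array($table, $keyColumnName, $id, $update_values)
    {
        $sets = array();
        foreach ($update_values as $key => $value) {
            $sets[] = $key . '=\'' . $value . '\'';
        }

        $sql = 'UPDATE ' . $table
            . ' SET ' . implode(',', $sets)
            . " WHERE $keyColumnName = '$id'";
        $this->sqlordie($sql);
    }

    /**
     * Fetches the first row whose key column equals $id.
     *
     * SECURITY: $id must already have gone through cleanQuery(); $fields,
     * $table and $keyColumnName are interpolated unescaped and must be fixed
     * strings from code.
     *
     * @param string $table         table name (trusted identifier)
     * @param string $keyColumnName column used in the WHERE clause (trusted)
     * @param string $id            already-escaped key value
     * @param string $fields        select list (trusted), defaults to "*"
     * @return array|false associative row, or false when nothing matched
     */
    public function get_record_by_ID($table, $keyColumnName, $id, $fields = "*")
    {
        $sql = "SELECT $fields FROM $table WHERE $keyColumnName = '$id'";

        return mysql_fetch_assoc($this->sqlordie($sql));
    }

    /**
     * Fetches every row whose group column equals $groupID.
     *
     * SECURITY: $groupID must already have gone through cleanQuery(); $table,
     * $groupKeyName, $orderKeyName and $fields are interpolated unescaped and
     * must be fixed strings from code.
     *
     * @param string $table        table name (trusted identifier)
     * @param string $groupKeyName column used in the WHERE clause (trusted)
     * @param string $groupID      already-escaped group value
     * @param string $orderKeyName column to sort by (trusted), '' for none
     * @param string $order        'ASC' or 'DESC'; anything else sorts ascending
     * @param string $fields       select list (trusted), defaults to '*'
     * @return array list of associative rows, empty when nothing matched
     */
    public function get_records_by_group($table, $groupKeyName, $groupID, $orderKeyName = '', $order = 'ASC', $fields = '*')
    {
        $orderSql = '';
        if ($orderKeyName != '') {
            // A sort direction has exactly two valid values, so pin it instead
            // of passing arbitrary text into the statement.
            $direction = (strtoupper(trim($order)) === 'DESC') ? 'DESC' : 'ASC';
            $orderSql = " ORDER BY $orderKeyName $direction";
        }

        // The original ignored $fields and always selected every column.
        $sql = "SELECT $fields FROM $table WHERE $groupKeyName = '$groupID'" . $orderSql;
        $result = $this->sqlordie($sql);

        // Initialised up front so an empty result returns array() rather than
        // an undefined variable.
        $records = array();
        while ($row = mysql_fetch_assoc($result)) {
            $records[] = $row;
        }

        return $records;
    }

    /**
     * Runs a statement on this connection and stops the request on failure.
     *
     * @param string $sql complete SQL statement
     * @return resource|bool whatever mysql_query returned when it succeeded
     */
    private function sqlordie($sql)
    {
        $return_result = mysql_query($sql, $this->conn);
        if (!$return_result) {
            // sql_error() ends the request and does not return.
            $this->sql_error($sql);
        }

        return $return_result;
    }

    /**
     * Records a failed statement and ends the request.
     *
     * The original echoed the driver error and the full statement to the
     * client, which discloses schema details and query structure to whoever
     * triggered the failure. The detail now goes to the server error log and
     * the client only sees a generic message. The logged statement can hold
     * user data, so access to that log should be restricted.
     *
     * @param string $sql the statement that failed
     * @return void
     */
    private function sql_error($sql)
    {
        error_log('database error: ' . mysql_error($this->conn) . ' | statement: ' . $sql);
        die('error: database query failed');
    }
}
?>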