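, but needs arguments as single array.
 *
 * String arguments, and objects that define __toString(), are passed through
 * sqlesc() before formatting; every other argument is handed to vsprintf
 * unchanged. "PREFIX_" is replaced in the query template only, never in the
 * arguments, so caller-supplied data cannot smuggle in a prefix substitution.
 *
 * Parameters:
 *   $args - The arguments as an array. $args[0] is the query template, the
 *           remaining elements fill its placeholders.
 *
 * Returns:
 *   The formatted string.
 *
 * Throws:
 *   InvalidArgumentException - if $args is empty.
 */
function qdb_vfmt($args)
{
    global $config;

    if(count($args) < 1)
        throw new InvalidArgumentException('Need at least one parameter');

    $query = $args[0];
    $data = array_map(function($x) {
        if(is_string($x))
            return sqlesc($x);
        // vsprintf calls __toString() when such an object fills a "%s"
        // placeholder, so it has to be escaped like any other string.
        if(is_object($x) && method_exists($x, '__toString'))
            return sqlesc((string) $x);
        return $x;
    }, array_slice($args, 1));

    // The prefix is substituted before vsprintf runs; the configured prefix
    // is therefore part of the format string and must not contain "%".
    $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
    return vsprintf($query, $data);
}

/*
 * Function: qdb_fmt
 *   Formats a string like qdb(), that means it replaces "PREFIX_" and
 *   sqlesc()'s every string argument before it sends everything to vsprintf.
 *
 * Returns:
 *   The formatted string.
 */
function qdb_fmt()
{
    return qdb_vfmt(func_get_args());
}

/*
 * Function: qdb
 *   Query Database.
 *
 * This function replaces mysql_query and should eliminate SQL-Injections.
 * Use it like this:
 *
 * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
 *
 * It will also replace "PREFIX_" with the prefix defined in 'config.php'.
 *
 * Security notes:
 *   - The protection is escaping, not parameter binding. A "%s" placeholder
 *     must sit inside quotes in the query ('%s'); an escaped value placed
 *     outside quotes is still interpreted as SQL.
 *   - Use "%d" for integers; vsprintf converts the argument to an integer.
 *   - Table and column names cannot be passed as arguments safely; keep
 *     identifiers in the query template.
 *   - A literal percent sign in the template (for example in a LIKE pattern)
 *     has to be written as "%%", because the template is a vsprintf format.
 *   - NOTE(review): presumably sqlesc() wraps mysql_real_escape_string, whose
 *     result depends on the connection character set -- confirm.
 *   - ext/mysql (mysql_query and friends) was deprecated in PHP 5.5 and
 *     removed in PHP 7.0; prepared statements via mysqli or PDO are the
 *     long-term replacement for this helper.
 *
 * Returns:
 *   Whatever mysql_query returned for the formatted query.
 *
 * Throws:
 *   MySQLException - if mysql_query returns false.
 */
function qdb()
{
    $query = qdb_vfmt(func_get_args());
    $rv = mysql_query($query);

    // With __DEBUG__ enabled the complete query text, including the escaped
    // argument values, becomes part of the exception message. Keep it off
    // outside development so query contents do not end up in responses or logs.
    if($rv === false)
        throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));

    return $rv;
}

/*
 * Class: MySQLException
 *   Will be thrown by qdb*, if the query induced a MySQL error.
 */
class MySQLException extends Exception
{
}
?>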