Untitled

//Don't use this stuff in production, was written in 5 minutes for a demo


function db_setup($dsn, $db_host, $db_name, $db_user, $db_password)
{
$db = new PDO("$dsn:host=$db_host;dbname=$db_name;charset=utf8", $db_user, $db_password);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // disable emulated prepared statements
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $db;
}


function db_query($query, $placeholders = array())
{
global $db;
global $querycount;
$query = preg_replace('/{db_prefix}/', 'blah', $query); // example
if ($db == null)
{
    $db = db_setup('mysql', 'localhost', 'databasename', 'databaseuser', ''); //database type. host, user, password
}
$stmt = $db->prepare($query);
if ($placeholders != null)
{
    $stmt->execute($placeholders);
    $querycount++; // TODO check error condition

}else
{
    $stmt->execute();
    $querycount++;
}
return $stmt; // returns statement object to fetch data
}


$statement = db_query('SELECT id_msg, subject, body FROM {db_prefix}messages WHERE id_member = ?', array($_POST['memberid'])); //based off a real forum database
$dump = $statement->fetchAll(PDO::FETCH_ASSOC); // returned as array with keys