- converting raw queries to prepared statements
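# Turns a SQL string with inline single-quoted literals into a PDO
# prepared-statement snippet and echoes the generated PHP source.
#
# Each literal 'value' in $sqlString is replaced by a positional `?`
# placeholder; one `$stmt->bindValue(N, 'value');` line is emitted per
# literal, in order of appearance, followed by `$stmt->execute();`.
# Lines are separated by "\n"; there is no trailing newline.
#
# Only single-quoted literals are recognised. A quote inside a literal may be
# doubled ('') or backslash-escaped (\'); both are unescaped before the value
# is emitted, other backslash sequences are passed through unchanged.
# Double-quoted strings, numbers and identifiers stay in the query text.
# This is a demonstration helper, not a SQL parser: a quote inside a SQL
# comment or a backtick-quoted identifier is treated as a literal delimiter.
#
# @param string $sqlString raw SQL with inline literal values
# @return void the snippet is written with echo
# @throws RuntimeException when the PCRE engine fails (e.g. backtrack limit)
function prepare1995Sql_EXAMPLE(string $sqlString): void {
    # a literal is a '...' run in which '' and \' do not terminate the run
    $literalPattern = "/'(?:[^'\\\\]|\\\\.|'')*'/";

    # every literal becomes a positional placeholder
    $preparedSqlString = preg_replace($literalPattern, '?', $sqlString);
    if ($preparedSqlString === null) {
        throw new RuntimeException('preg_replace failed, PCRE error ' . preg_last_error());
    }

    # grab the literals (quotes included) in order of appearance
    preg_match_all($literalPattern, $sqlString, $grabbedParameterValues);
    $parameterValues = $grabbedParameterValues[0];

    # the query is emitted inside a double-quoted PHP string, so the three
    # characters that are special there must be escaped or the snippet breaks
    $escapedQuery = addcslashes($preparedSqlString, '\\"$');
    $lines = ['$stmt = $pdo->prepare("' . $escapedQuery . '");'];

    # bindValue, not bindParam: bindParam takes its argument by reference, so
    # generated code passing a literal would not even compile
    $bindValueCtr = 1;
    foreach ($parameterValues as $quotedValue) {
        # drop the SQL quotes, undo '' / \' escaping, then let var_export
        # produce a correctly escaped PHP literal
        $plainValue = preg_replace("/''|\\\\'/", "'", substr($quotedValue, 1, -1));
        $lines[] = '$stmt->bindValue(' . $bindValueCtr . ', ' . var_export($plainValue, true) . ');';
        $bindValueCtr++;
    }

    # if you want to add the execute part, simply:
    $lines[] = '$stmt->execute();';
    echo implode("\n", $lines);
}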
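# TEST!
# Run the converter on a query with two inline literals and print the snippet.
$sqlString = "SELECT foo FROM bar WHERE name = 'foobar' or nickname = 'fbar'";
prepare1995Sql_EXAMPLE($sqlString);
# Sample output as printed by the generator. It is shown as a comment because
# it is generated source, not code to run in this file: $pdo is not defined
# here, and PDOStatement::bindParam() takes its value by reference, so a
# literal argument as printed below is a compile error -- use bindValue()
# when running the generated snippet.
#   $stmt = $pdo->prepare("SELECT foo FROM bar WHERE name = ? or nickname = ?");
#   $stmt->bindParam(1, 'foobar');
#   $stmt->bindParam(2, 'fbar');
#   $stmt->execute();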