January 7th, 2009


mysql(i^2)

Filed under: Web Dev — Will Boyce on January 29th, 2008 @ 14:02

For a while now, I’ve thought it’d be pretty cool if I could run an SQL query without having to worry about SQL injection and the like. In my head, there would be a magic function that escaped all the strings in my query, making it safe for execution. That is exactly what I made today, and you can see the source code here.

Features

  • Automatic sanitizing of (most) SQL queries
  • Constructor allows you to define your hostname, username, password and database
  • Keeps track of the number of queries executed since object creation
  • Allows for a customizable list of allowed HTML tags in query strings

Usage

There are two ways of initializing the object:
$sql = new mysqlii('host', 'user', 'pass', 'dbname');
or edit line 24 of mysqlii.class.php to read:
public function __construct($h='host', $u='user', $p='pass', $n='dbname') {
and create the object without passing any arguments:
$sql = new mysqlii();

To allow a user to post comments containing paragraph, strong, and emphasis tags:
$sql->add_allowed_tag('<p>');
$sql->add_allowed_tag('<strong>');
$sql->add_allowed_tag('<em>');
$sql->queryf('INSERT INTO comments (parent,body) VALUES (%d,%s)', $post->id, $comment);

You can also remove allowed tags, both specifically and sledge-hammer-style, and check which tags are currently being allowed into the database:
$sql->remove_allowed_tag('<strong>');
print $sql->get_allowed_tags();
$sql->remove_all_allowed_tags();

And finally, you can check the current query count at any time:
$queries_executed = $sql->get_query_count();
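To make the usage above concrete, here is an added illustration of how a queryf()-style wrapper with a tag allowlist and a query counter can be put together. It is not the mysqlii class from the post (its source is linked above); it reconstructs the interface described here with an injectable escaper, so the file runs without a database. The class name QueryFormatter, the format() method and the $demo_escape stand-in are assumptions made for this example.

```php
<?php
// Added illustration of a queryf()-style wrapper. Not the mysqlii class from
// the post; it reconstructs the described interface with an injectable
// escaper so that it can be exercised without a live MySQL connection.

final class QueryFormatter
{
    /** @var callable(string):string  escaper for the live connection */
    private $escape;
    /** @var string[] */
    private array $allowed_tags = [];
    private int $query_count = 0;

    // In real use pass [$mysqli, 'real_escape_string'] so escaping follows the
    // connection's character set; the demo below injects a stand-in instead.
    public function __construct(callable $escape)
    {
        $this->escape = $escape;
    }

    public function add_allowed_tag(string $tag): void
    {
        if (!in_array($tag, $this->allowed_tags, true)) {
            $this->allowed_tags[] = $tag;
        }
    }

    public function remove_allowed_tag(string $tag): void
    {
        $this->allowed_tags = array_values(array_diff($this->allowed_tags, [$tag]));
    }

    public function remove_all_allowed_tags(): void { $this->allowed_tags = []; }
    public function get_allowed_tags(): string { return implode('', $this->allowed_tags); }
    public function get_query_count(): int { return $this->query_count; }

    // Build the SQL text: %d becomes an integer literal, %s becomes a quoted,
    // tag-filtered, escaped string literal, and %% becomes a literal percent.
    public function format(string $fmt, ...$args): string
    {
        $i = 0;
        $sql = preg_replace_callback('/%[ds%]/', function (array $m) use (&$i, $args): string {
            if ($m[0] === '%%') {
                return '%';
            }
            if (!array_key_exists($i, $args)) {
                throw new InvalidArgumentException('no argument for placeholder #' . ($i + 1));
            }
            $arg = $args[$i++];
            if ($m[0] === '%d') {
                // The integer cast drops anything after the leading digits.
                return (string) (int) $arg;
            }
            $clean = strip_tags((string) $arg, $this->get_allowed_tags());
            return "'" . ($this->escape)($clean) . "'";
        }, $fmt);
        if ($i !== count($args)) {
            throw new InvalidArgumentException('more arguments than placeholders');
        }
        return $sql;
    }

    // Format and run the statement on a live connection, counting each call.
    public function queryf(mysqli $db, string $fmt, ...$args)
    {
        $this->query_count++;
        return $db->query($this->format($fmt, ...$args));
    }
}

// --- offline demo -----------------------------------------------------------
// Constructed stand-in for mysqli::real_escape_string covering the ASCII
// characters it escapes; it is not charset-aware and exists only for the demo.
$demo_escape = fn (string $s): string => strtr($s, [
    "\\" => "\\\\", "'" => "\\'", '"' => '\\"', "\0" => "\\0",
    "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
]);

$sql = new QueryFormatter($demo_escape);
$sql->add_allowed_tag('<p>');
$sql->add_allowed_tag('<strong>');
$sql->add_allowed_tag('<em>');

// Constructed sample inputs: a non-numeric id and a comment with a stray tag and a quote.
$parent  = "42; DROP TABLE comments";
$comment = "<p>Nice post, <script>alert(1)</script> O'Brien</p>";

echo $sql->format('INSERT INTO comments (parent,body) VALUES (%d,%s)', $parent, $comment), "\n";

// The same insert with a prepared statement keeps values out of the SQL text
// entirely, so there is no escaping step to get wrong:
//   $stmt = $db->prepare('INSERT INTO comments (parent,body) VALUES (?,?)');
//   $stmt->bind_param('is', $parent_id, $clean_body);
//   $stmt->execute();
```

Two limits of this escaping approach are worth keeping in mind, and they are what the "(most)" in the feature list is about. Escaping only protects a value that lands inside a quoted string literal; a column name, an ORDER BY direction or a LIMIT value cannot be made safe by escaping and needs an allowlist instead. And strip_tags only removes tags: it keeps the text inside a stripped tag and keeps any attributes on an allowed tag, so stored comments still need HTML-escaping or a proper purifier when they are displayed. Prepared statements, as in the commented lines at the end, avoid the first problem altogether.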
