Values is just the same as any other db method...
array( 'foo' => 'b"ar', 'baz=bar' ) outputs foo =
'b\"ar' AND baz=bar
When you pass a string it is just outputted directly, in key/value pairs
in an array the key is the field name, and the value is the value (it
will be escaped by the database class), though a item in an array
without a key will also be outputted raw, though it'll be put in between
ANDs.
I strongly recommend making use of the key=>value array pairs. The only
reason not to use them is if you are doing something complex involving
multiple fields, aliases, or things like greaterthan/lessthan...
INs are handled natively as well...
array( 'foo' => array( 'bar', 'baz' ) ) outputs foo IN(
'bar', 'baz' )
And yes, there is a escape function inside the database class. Just take
a look through the class and you'll see what methods you have to use.
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (
http://nadir-point.com)
--It's Wiki-Tools subgroup (
http://wiki-tools.com)
--The ElectronicMe project (
http://electronic-me.org)
--Games-G.P.S. (
http://ggps.org)
-And Wikia ACG on
Wikia.com (
http://wikia.com/wiki/Wikia_ACG)
--Animepedia (
http://anime.wikia.com)
--Narutopedia (
http://naruto.wikia.com)
GF wrote:
Database::update ( $ table,
$ values,
$ conds,
$ fname = 'Database::update',
$ options = array()
)
UPDATE wrapper, takes a condition array and a SET array.
Parameters:
string $table The table to UPDATE
array $values An array of values to SET
array $conds An array of conditions (WHERE). Use '*' to update all rows.
string $fname The Class::Function calling this function (for the log)
array $options An array of UPDATE options, can be one or more of
IGNORE, LOW_PRIORITY
Should I pass $values already escaped?
Should I use some function indipendent from the db to escape it?
I can do it with mysql php escaping function, but I think it's no good
to use a DB specific function there... or isn't?
thank you.