I wrote this script to assist in my database and form interactions. Since I usually use the same field names in the form as the column names in the database, this script helps me cut out the step of writing simple SQL statements. I built it around the $_POST array but future versions will have (safer) support for the $_GET array. Click the tabs for examples and explainations.
There is support for required fields via a global array on the 'INSERT' and 'UPDATE' commands. It only works if the form is passing the key (i.e. first_name).
Code Comment
/* * This function will write a 'SELECT' SQL statement based on a get/post array * @Params - * $data: accepts $_GET, $_POST * $condition: accepts a column name for the id of this table (ex: uid, pid) * @Global Params - * $table: table name * * Returns false if no fields are passed * * Example GET URL: feather_example.php?id&first_name&last_name * */
SELECT example using $_GET: select_statement($_GET,"WHERE uid=1")
SELECT example using $_POST: select_statement($_POST,"WHERE uid=1")
Send Post Data:
SQL Output: No $_POST data was passed.
Current $_GET data:
array(0) {
}
Current $_POST data:
array(0) {
}
Code Comment
/* * This function will write an 'INSERT' SQL statement based on a get/post array * @Params - * $data: accepts $_GET, $_POST * @Global Params - * $table: table name * $required: an array of required columns * * Returns false if required fields are missing * * Example GET URL: feather_example.php?first_name=tyler&last_name=mulligan * */
INSERT example using $_GET: insert_statement($_GET)
Send Get Data:
feather_example.php?first_name=tyler&last_name=mulliganSQL Output: Missing required field.
INSERT example using $_POST: insert_statement($_POST)
Send Post Data:
SQL Output Missing required field.
Current $_GET data:
array(0) {
}
Current $_POST data:
array(0) {
}
Code Comment
/* * This function will write an 'UPDATE' SQL statement based on a get/post array * @Params - * $data: accepts ($_GET, $_POST) | *No WHERE condition for the GET yet * $condition: accepts a SQL WHERE condition * @Global Params - * $table: table name * $required: an array of required columns * * Returns false if required fields are missing * * Example GET URL: feather_example.php?first_name=Tyler&last_name=Mulligan * */
INSERT example using $_GET: update_statement($_GET, "uid='12'")
Send Get Data:
feather_example.php?first_name=Tyler&last_name=MulliganSQL Output: Missing required field.
INSERT example using $_POST: update_statement($_POST, "uid='12'")
Send Post Data:
SQL Output: Missing required field.
Current $_GET data:
array(0) {
}
Current $_POST data:
array(0) {
}
Code Comment
/* * This function will write a 'DELETE' SQL statement based on a get/post array * @Params - * $data: accepts $_GET['idlist'], $_POST['idlist'] (idlist is an array) * $id: accepts a column name for the id of this table (ex: uid, pid) * @Global Params - * $table: table name * * Returns false if no ids are passed. * * Example GET URL: feather_example.php?idlist[1]=1&idlist[2]=3 * */
DELETE example using $_GET: delete_statement($_GET, "uid")
DELETE example using $_POST: delete_statement($_POST, "uid")
Send Post Data:
SQL Output No boxes were checked
Current $_GET data:
array(0) {
}
Current $_POST data:
array(0) {
}
Code Comment
TODO: - Clean GET data - The $required array only works if the item is being passed (feature?) - Check keys function for malicious code (page.php?id=1&we_are' || fuuuuucked) - Setup conditions for GET data - * Support for multiple tables - Add do not include list - Add $_GET whitelist