X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=db.php;h=3e4f725c30758f0027a70afbf6dd6c15c06adff8;hb=9f8ed1dba7b2bb0319ab69f843f20e0d45ff736c;hp=952cc231a1d01ef6878a182fad802c0961e277c6;hpb=22d5fb7ab7d4ee86bd59e194387dca268bd577a1;p=wfpl.git

diff --git a/db.php b/db.php
index 952cc23..3e4f725 100644
--- a/db.php
+++ b/db.php
@@ -101,12 +101,12 @@ function db_send_query($sql) {
 # %"  output double quotes, surrounding the variable which is encoded to be in there.
 # %s  output encoded to be in double quotes, but don't output the quotes
 #
-# complex example: db_get_rows('mytable', 'id', 'name=%" or company like "%%%s%%"', $name, $company_partial);
+# complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial);
 
 function db_printf($str) {
 	$args = func_get_args();
 	$args = array_slice($args, 1);
-	_db_printf($str, $args);
+	return _db_printf($str, $args);
 }
 
 # This function does the work, but takes the parameters in an array
@@ -130,6 +130,8 @@ function _db_printf($str, $args) {
 
 		if($chr == '"') {
 			$out .= '"' . enc_sql(array_pop($args)) . '"';
+		} elseif($chr == 's') {
+			$out .= enc_sql(array_pop($args));
 		} elseif($chr == 'i') {
 			$int = format_int(array_pop($args));
 			if($int == '') $int = '0';
@@ -146,7 +148,7 @@ function _db_printf($str, $args) {
 function db_send_get($table, $columns, $where, $args) {
 	$sql = "SELECT $columns FROM $table";
 	if($where) {
-		$sql .= ' WHERE ' . _db_printf($where, $args);
+		$sql .= ' ' . _db_printf($where, $args);
 	}
 
 	return db_send_query($sql);
@@ -265,17 +267,17 @@ function db_insert_ish($command, $table, $columns, $values) {
 # db_update('users', 'name', 'Bruce');
 #
 # # name user #6 Bruce
-# db_update('users', 'name', 'Bruce', 'id= %"', 6);
+# db_update('users', 'name', 'Bruce', 'where id=%i', 6);
 #
 # # update the whole bit for user #6
-# db_update('users', 'name,email,description', 'Bruce', 'bruce@example.com', 'is a cool guy', 'id= %"', 6);
+# db_update('users', 'name,email,description', 'Bruce', 'bruce@example.com', 'is a cool guy', 'where id=%i', 6);
 #
 # # update the whole bit for user #6 (passing data as an array)
 # $data = array('Bruce', 'bruce@example.com', 'is a cool guy');
-# db_update('users', 'name,email,description', $data, 'id= %"', 6);
+# db_update('users', 'name,email,description', $data, 'where id=%i', 6);
 
 # The prototype is really something like this:
-# db_update(table, columns, values..., where(optional), where_args...(optional
+# db_update(table, columns, values..., where(optional), where_args...(optional))
 function db_update($table, $columns, $values) {
 	$args = func_get_args();
 	$args = array_slice($args, 2);
@@ -305,7 +307,7 @@ function db_update($table, $columns, $values) {
 		$where = $args[0];
 		$args = array_slice($args, 1);
 
-		$sql .= ' WHERE ';
+		$sql .= ' ';
 		# any left for where claus arguments?
 		if($args) {
 			$sql .= _db_printf($where, $args);
@@ -322,7 +324,7 @@ function db_update($table, $columns, $values) {
 function db_delete($table, $where = '') {
 	$sql = "DELETE FROM $table";
 	if($where) {
-		$sql .= ' WHERE ';
+		$sql .= ' ';
 		$args = func_get_args();
 		$args = array_slice($args, 2);
 		if($args) {