- stripslashes: documentation ( source)
- strpos: documentation ( source)
- is_numeric: documentation ( source)
- strtr: documentation ( source)
- substr_replace: documentation ( source)
<?php
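/**
 * Build an SQL statement by substituting each '#' placeholder in the template
 * (first argument) with the escaped form of the following arguments, in order.
 *
 * Usage: Query("select * from t where id = # and name = #", $id, $name);
 *
 * Quoting rules applied to each value:
 *  - the exact string 'NULL' is inserted as the SQL keyword NULL;
 *  - PHP ints/floats and plain decimal strings (e.g. "501", "-3.5") are
 *    inserted unquoted;
 *  - everything else is escaped and wrapped in single quotes.
 *
 * Security notes for maintainers:
 *  - Escaping relies on mysql_real_escape_string(), which needs an open
 *    ext/mysql connection and was removed in PHP 7.0. Prepared statements
 *    (PDO or mysqli) are the robust replacement for this helper.
 *  - Numeric-looking strings in other notations (hex, exponent, leading sign
 *    or whitespace) are deliberately quoted, so they reach the server as
 *    string literals and not as unquoted tokens.
 *  - NOTE(review): a caller-supplied string "NULL" still becomes the SQL
 *    keyword; kept for backward compatibility — confirm that no untrusted
 *    value can reach a column where NULL changes the query's meaning.
 *  - A '#' inside the template itself (e.g. in a literal) is treated as a
 *    placeholder; keep literals out of the template and pass them as values.
 *
 * @param string $template SQL text with one '#' per value (variadic values follow)
 * @return string The assembled statement, terminated with ';'
 */
function Query(){
    $args = func_get_args();
    if (count($args) === 0) {
        // Nothing to build; the terminator alone matches the previous result.
        return ';';
    }

    $sql = (string) $args[0];

    // magic_quotes_gpc no longer exists on PHP 8; treat "missing" as "off".
    $stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // Scan placeholders left to right and continue *after* each inserted value.
    // A '#' inside a value is therefore never mistaken for the next placeholder
    // and does not have to be rewritten to '[hash]' (which altered stored data).
    $offset = 0;
    $total = count($args);
    for ($i = 1; $i < $total; $i++) {
        $pos = strpos($sql, '#', $offset);
        if ($pos === false) {
            // More values than placeholders: stop instead of overwriting the
            // first character of the statement (strpos() false acted as 0).
            break;
        }

        $raw = $args[$i];
        $text = (string) $raw;
        if ($stripSlashes) {
            $text = stripslashes($text);
        }
        $escaped = mysql_real_escape_string($text);

        if ($escaped === 'NULL') {
            $literal = 'NULL';
        } elseif ((is_int($raw) || is_float($raw)) && is_numeric($escaped)) {
            // Native PHP numbers keep their unquoted form.
            $literal = $escaped;
        } elseif (is_string($escaped) && preg_match('/^-?\d+(\.\d+)?$/D', $escaped) === 1) {
            // Only plain decimal notation is trusted to go unquoted.
            $literal = $escaped;
        } else {
            $literal = "'" . $escaped . "'";
        }

        $sql = substr_replace($sql, $literal, $pos, 1);
        $offset = $pos + strlen($literal);
    }

    return $sql . ';';
}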
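# Example: build (but do not execute) an update statement for one user.
# PHP variable names are case-sensitive, so the value must be passed under the
# same name it was assigned to; passing an undefined variable would bind an
# empty string and the WHERE clause would no longer select the intended row.
$id = 501;
$check_sql = Query("update user_info set login_counter=login_counter+1, date_last_login=NOW() where id_twitter = #", $id);
# Print the assembled statement for inspection.
echo $check_sql;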