On 5/26/06, Satyam <[EMAIL PROTECTED]> wrote:
The escaping of invalid characters is already included and beside, you can simplify your SQL statements such as the example (taken from the phpdocs header).echo BuildSql('Insert into ?ttable (?s,?ns,?mi,?d,?ni,?i)','Something','',5,time(),0,null); will return: Insert into wp_table ('Something',null,5,'2006-05-15',null,0) So, as you see, it will handle date conversion from internal PHP to SQL, it will quote and escape strings, it will either use null or 0 o '' according to formatting options and it will add the contents of the $table_prefix variable wherever you put a ?t. It spares you a lot of trouble on the whole SQL instruction, not just on escaping every individual field. And you don't need to check the code, just read the comments, that's why I bothered putting them there. Satyam
Of course I read through the comments and the code. However I am no maintenance programmer and without a real idea of what the code was trying to acomplish, I couldn't fathom why it was doing what is was doing. Once again, that's not criticism- it's me trying to learn. I think that it is a little involved for what I'm currently doing, but I will certainly save the code for use when I'm more skilled. I most appreciate your help. Thanks! Dotan Cohen http://what-is-what.com 41
