#5178 closed enhancement (fixed)
New $wpdb methods: insert(), update()
Reported by: | markjaquith | Owned by: | |
---|---|---|---|
Milestone: | 2.5 | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Ryan proposed these methods to me. I cleaned them up a bit and added sanitization.
/** * Insert an array of data into a table * @param string $table WARNING: not sanitized! * @param array $data should not already be SQL-escaped * @return mixed results of $this->query() */ function insert($table, $data) { $data = add_magic_quotes($data); $fields = array_keys($data); return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')"); } /** * Update a row in the table with an array of data * @param string $table WARNING: not sanitized! * @param array $data should not already be SQL-escaped * @param string $where_col the column of the WHERE statement. WARNING: not sanitized! * @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped. * @return mixed results of $this->query() */ function update($table, $data, $where_col, $where_val){ $data = add_magic_quotes($data); $bits = array(); foreach ( array_keys($data) as $k ) $bits[] = "`$k`='$data[$k]'"; $where_val = $this->escape($where_val); return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1"); }
First place to use this is in wp_insert_post()
Note: See
TracTickets for help on using
tickets.
(In [6221]) Introducing db_insert() and db_update(), with immediate usage in wp_insert_post(). fixes #5178