<?php
//make_safe_for_sql()
//Input: string, string[int], string
//Output: string
//Takes a given source string (e.g. id = 5) and converts it to be safe for use with SQL (e.g. `id` = '5').
//The function will assume that proper syntax is given based on the delimiter.
//
//For example: id = 5
//$key[0] = "`" will convert the text "id" to "`id`".
//$key[1] = "'" will convert the text "5" to "'5'".
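/**
 * Wraps each delimiter-separated token of $src in the wrapper string stored at
 * the same position in $src_keys, e.g. "id = 5" with wrappers
 * [0 => "`", 1 => "", 2 => "'"] becomes "`id` = '5'".
 *
 * Tokens are numbered from 0 in the order they appear, so in "id = 5" the
 * operator "=" is token 1 and the value is token 2. A token equal to the bare
 * keyword NULL is emitted without a wrapper.
 *
 * SECURITY: this is string-level quoting, not a replacement for prepared
 * statements with bound parameters.
 *  - When the wrapper is a quote character (' " or `), occurrences of that
 *    character inside the token are doubled so the token cannot close its own
 *    quoting. Backslashes are left untouched; MySQL's default SQL mode treats
 *    a backslash as an escape character, so this alone is not sufficient there.
 *  - Tokens with no entry in $src_keys are emitted unchanged. A value that
 *    contains $delim is split into several tokens, and the extra tokens then
 *    reach the output unquoted. Do not pass untrusted text through this
 *    function; bind it as a parameter instead.
 *
 * @param string $src      Source text, e.g. "id = 5".
 * @param array  $src_keys Wrapper strings indexed by token position.
 * @param string $delim    Token delimiter; an empty string treats $src as one token.
 * @return string The re-assembled text, or '' when $src is empty.
 */
function make_safe_for_sql($src, $src_keys, $delim = ' ')
{
    $src = (string)$src;
    $delim = (string)$delim;

    // Nothing to convert; avoids emitting an empty quoted identifier.
    if ($src === '') {
        return '';
    }

    // Split on the literal delimiter. The previous regex-based split broke on
    // delimiters containing regex metacharacters, on delimiters longer than one
    // character, and on sources containing newlines. explode() rejects an empty
    // delimiter, so in that case the whole source is a single token.
    $tokens = ($delim === '') ? array($src) : explode($delim, $src);

    // Wrapper characters for which doubling is the SQL way to embed the
    // character inside the quoted token.
    $quote_chars = array("'", '"', '`');

    $wrapped = array();
    foreach ($tokens as $index => $token) {
        // In SQL there must be no wrapping characters around the NULL keyword.
        if ($token === 'NULL') {
            $wrapped[] = $token;
            continue;
        }

        // A missing wrapper means "leave this token bare" (e.g. an operator).
        $wrap = isset($src_keys[$index]) ? (string)$src_keys[$index] : '';

        if (in_array($wrap, $quote_chars, true)) {
            $token = str_replace($wrap, $wrap.$wrap, $token);
        }

        $wrapped[] = $wrap.$token.$wrap;
    }

    return implode($delim, $wrapped);
}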
//parse_sql()
//Input: string, string[int], string, string
//Output: string
//Takes a given item, or list of items, that are unsafe for SQL usage and converts them to be safe.
//Can use any defined item and list delimiter.
//
//Note: The list separation delimiter is the text that will be added after each item is converted.
//Example: id = 5 with a list delimeter of " AND "
//It will become: "`id` = '5' AND ".
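/**
 * Converts a single item, or a list of items, by passing each one through
 * make_safe_for_sql() and joining the results with $list_separation_delim.
 *
 * Example: "id = 5, name = foo" with the default delimiters and wrappers
 * [0 => "`", 1 => "", 2 => "'"] becomes "`id` = '5', `name` = 'foo'".
 * The separator is placed between items only; no trailing separator is left.
 *
 * SECURITY: items are found by splitting $src on the literal $list_delim, so
 * a value that itself contains $list_delim is cut into separate items. Like
 * make_safe_for_sql(), this is not a substitute for prepared statements and
 * must not be fed untrusted text.
 *
 * @param string $src                   Item or list of items, e.g. "id = 5, name = foo".
 * @param array  $src_keys              Wrapper strings indexed by token position within an item.
 * @param string $delim                 Delimiter between the tokens of one item.
 * @param string $list_delim            Delimiter between items in $src; empty means "single item".
 * @param string $list_separation_delim Text placed between converted items in the output.
 * @return string The converted text, or '' when $src is empty.
 */
function parse_sql($src, $src_keys, $delim = ' ', $list_delim = ', ', $list_separation_delim = ', ')
{
    $src = (string)$src;
    $list_delim = (string)$list_delim;

    // Compare against '' rather than using empty(), which would also discard
    // the legitimate item "0".
    if ($src === '') {
        return '';
    }

    // explode() returns a one-element array when the delimiter is absent, so
    // single items and lists share one path. The delimiter is matched
    // literally; the previous regex test misbehaved on delimiters containing
    // regex metacharacters. explode() rejects an empty delimiter, so that case
    // is handled as a single item.
    $items = ($list_delim === '') ? array($src) : explode($list_delim, $src);

    $converted = array();
    foreach ($items as $item) {
        $converted[] = make_safe_for_sql($item, $src_keys, $delim);
    }

    return implode((string)$list_separation_delim, $converted);
}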
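// Demo input: a hard-coded literal for illustration. Request data belongs in
// the bound parameters of a prepared statement, not in this helper.
$text = 'id = NULL, name = foo, email = myemail@gmail.com';
// One wrapper per space-separated token of each "column = value" item:
// 0 => column name, 1 => operator (left bare), 2 => value.
// Index 1 is set explicitly so the lookup never hits an undefined offset.
$keys = array(
    0 => '`',
    1 => '',
    2 => '\'',
);
echo parse_sql($text, $keys);
//Output: `id` = NULL, `name` = 'foo', `email` = 'myemail@gmail.com'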
?>