
PHP, pasted on Jan 27:
<?php
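/**
 * make_safe_for_sql()
 *
 * Splits $src on $delim and wraps every resulting token in the character
 * stored at the same index of $src_keys. With the default delimiter,
 * "id = 5" and $src_keys = [0 => '`', 2 => "'"] becomes "`id` = '5'".
 * A token that is exactly NULL is emitted without wrapping characters, and
 * a token whose index has no entry in $src_keys is emitted unchanged.
 *
 * SECURITY: despite its name this function only adds wrapping characters;
 * it does not escape anything. A token that already contains its wrapping
 * character (or a backslash, on servers that treat backslash as an escape
 * character) ends the quoted section early, so the result must not be
 * relied on as an SQL-injection defence. Values that originate outside the
 * program should be bound through prepared statements (PDO or mysqli)
 * rather than concatenated into the query text.
 *
 * Tokens are found purely by splitting on $delim, so a value that contains
 * the delimiter itself (a name with a space, for example) is split into
 * several tokens and each one is wrapped separately.
 *
 * @param string   $src      Source text, e.g. "id = 5".
 * @param string[] $src_keys Wrapping character per token index.
 * @param string   $delim    Literal text separating the tokens. An empty
 *                           delimiter treats $src as one single token.
 * @return string The tokens, wrapped and re-joined with $delim.
 */
function make_safe_for_sql($src, $src_keys, $delim = ' ')
{
	$src = (string)$src;
	$delim = (string)$delim;

	//Split on the literal delimiter. The delimiter used to be concatenated into a
	//regular expression without preg_quote(), so a delimiter such as "." or "("
	//was interpreted as pattern syntax instead of plain text.
	//An empty delimiter cannot split anything, so the source is a single item.
	$tokens = ($delim === '') ? array($src) : explode($delim, $src);

	$wrapped = array();
	foreach($tokens as $index => $token)
	{
		//In SQL there should be no wrapping characters around the NULL keyword.
		if($token === 'NULL')
		{
			$wrapped[] = $token;
			continue;
		}

		//A missing index means "do not wrap this token" (e.g. the "=" operator).
		$wrap = isset($src_keys[$index]) ? (string)$src_keys[$index] : '';
		$wrapped[] = $wrap.$token.$wrap;
	}

	//Joining with the delimiter restores the original separators whatever their
	//length; the previous code always cut exactly one character off each token.
	return implode($delim, $wrapped);
}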

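/**
 * parse_sql()
 *
 * Converts a single item, or a list of items, by passing each item through
 * make_safe_for_sql() and joining the results with $list_separation_delim.
 * Example: "id = 5, name = foo" with a list separation delimiter of " AND "
 * is split on ", " and re-joined with " AND " between the converted items.
 *
 * SECURITY: the conversion is done entirely by make_safe_for_sql(), which is
 * called once per item. Whether the output can be trusted inside a query
 * depends on that function; this wrapper adds no escaping of its own, so
 * values from outside the program should be bound through prepared
 * statements rather than passed through here.
 *
 * @param string   $src                   Item or list of items, e.g. "id = 5, name = foo".
 * @param string[] $src_keys              Wrapping characters, passed on to make_safe_for_sql().
 * @param string   $delim                 Token delimiter inside one item.
 * @param string   $list_delim            Literal text separating the items of $src.
 *                                        An empty value treats $src as one item.
 * @param string   $list_separation_delim Text placed between the converted items.
 * @return string The converted text, or an empty string when $src is empty.
 */
function parse_sql($src, $src_keys, $delim = ' ', $list_delim = ', ', $list_separation_delim = ', ')
{
	$src = (string)$src;
	$list_delim = (string)$list_delim;

	//Nothing to convert. A strict comparison is used because empty() also
	//treats the string "0" as empty, which silently dropped that input.
	if($src === '')
	{
		return '';
	}

	//Split on the literal list delimiter. It used to be interpolated into a
	//regular expression unquoted, so regex metacharacters in it changed the match.
	//explode() returns the whole source as one item when the delimiter is absent.
	$items = ($list_delim === '') ? array($src) : explode($list_delim, $src);

	$converted = array();
	foreach($items as $item)
	{
		$converted[] = make_safe_for_sql($item, $src_keys, $delim);
	}

	//implode() places the separator only between items, so no trailing
	//separator has to be trimmed afterwards.
	return implode((string)$list_separation_delim, $converted);
}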

//Demo input: three "column = value" items separated by ", ".
//Wrapping characters by token position inside each item:
//index 0 is the column name and index 2 is the value. Index 1 (the "="
//token) deliberately has no entry, so no wrapping character is added to it.
$keys = [
	0 => '`',
	2 => "'",
];
$text = 'id = NULL, name = foo, email = myemail@gmail.com';

echo parse_sql($text, $keys);

//Output: `id` = NULL, `name` = 'foo', `email` = 'myemail@gmail.com'
?>

