0
some time ago I decided to assemble this class to make my life easier, I will not put it complete not to be a post too big, this class to make an Insert you order like this $Classe->Query("NOME_DA_TABELA",$ARRAY,"insert", ""); column information is sent by array by $_POST " $_POST[''name_da_coluna'] " form, and without me having to assemble querys she assembles everything and sends.
In short...
it takes the data of a form and makes Insert/update with 1 line and minimum information.
The question is this:... I’m already using it for production, I’ve analyzed it several times, I’m not an expert in programming and I’m afraid it has some security flaw or unnecessary code, what I’d like is an evaluation to know if it’s really good or need to change something...
if it’s not enough for understanding follow her link in git Here
__Construct
//==============================================================================
public $host = "localhost";
public $dbname = "dbname";
public $user = "root";
public $pass = "";
const ID = "id";
//==============================================================================
function __construct(){
try{
$this->conn = new PDO(
"mysql:host=$this->host;
dbname=$this->dbname;
charset=utf8",
$this->user,
$this->pass,
array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
));
}catch(PDOException $e){
echo 'ERROR: ' . $e->getMessage();
}
}
Date
public function Data($select,$type){
if($type == 'fetch'){
$select = $this->conn->prepare($select);
$select->execute();
return $select->fetch();
}else if($type == 'fetchAll'){
$select = $this->conn->prepare($select);
$select->execute();
return $select->fetchAll();
}else if($type == 'update'){
$select = $this->conn->prepare($select);
return $select->execute();
}
}
Magicselect
//Método de auxilio para o método Tables aqui que ele retorna o nome das colunas
public function MagicSelect($table){
$select = "DESCRIBE $table";
return Connect::Data($select,"fetchAll");
}
Tables
//Pega as tabelas do banco de dados
public function Tables($table){
$search = Connect::MagicSelect($table);
$count = count($search);
for ($i=0; $i < $count ; $i++) {
if($search[$i]['Field'] !== self::ID){
$result[] = $search[$i]['Field'];
}
}
return $result;
}
Query
//Aqui é onde é montada toda a estrutura para o bindParam
public function Query($table, $array, $type, $where){
$tableInfo = Connect::Tables($table);
$fieldA = "";
$fieldB = "";
$field = "";
$count = count($tableInfo);
//CASO SEJA insert =========================== * * *
if($type == "insert"){
foreach ($tableInfo as $index => $value) {
if($index+1 < $count){
$fieldA .= $value . ", ";
$fieldB .= ":".strtoupper($value).", ";
$fieldA_array[] = $value;
$fieldB_array[] = ":".strtoupper($value);
}else{
$fieldA .= $value;
$fieldB .= ":".strtoupper($value);
$fieldA_array[] = $value;
$fieldB_array[] = ":".strtoupper($value);
}
}
$stmt = $this->conn->prepare(
"INSERT INTO $table ($fieldA) VALUES ($fieldB) $where"
);
for ($i=0; $i < count($fieldA_array) ; $i++) {
$stmt->bindParam($fieldB_array[$i], $array[$fieldA_array[$i]]);
}
$stmt->execute();
//CASO SEJA update =========================== * * *
}else if($type == "update"){
foreach ($tableInfo as $index => $value) {
if($index+1 < $count){
$field .= $value . " = :".strtoupper($value).", ";
$fieldA_array[] = ":".strtoupper($value);
$fieldB_array[] = $value;
}else{
$field .= $value . " = :".strtoupper($value);
$fieldA_array[] = ":".strtoupper($value);
$fieldB_array[] = $value;
}
}
$stmt = $this->conn->prepare("UPDATE $table SET $field WHERE $where");
for ($i=0; $i < count($fieldA_array) ; $i++) {
$stmt->bindParam($fieldA_array[$i], $array[$fieldB_array[$i]]);
}
return $stmt->execute();
}
return;
}
ps:. first question here in the community
Thanks for the information :) I will review here
– samuel prado almeida