3

I am having a small programming issue. I am trying to execute a function within a class and I have an array that I am using array_walk to execute a function on each variable within that array. The issue is that the function I am executing is a method within the same class. I have looked over my code however cannot find what the issue is. Please let me know what a possible solution to this error is or if you see something I am not seeing.

Currently it is not even executing the function escape(). I purposely added a ' in the status variable as I want it to be escaped, but it is not done.

A little background: This is a database class I am building and the prepare() method will help escape variables in the query before it is executed. I removed some code that is not relevant to this issue.

This is the result it is giving me: UPDATE table_name SET status='I'm doing good!' WHERE username='someone'

<?php
class Database {
    var $weak_escape = false;

    function escape($str) {
        if ($this->weak_escape) return $this->weak_escape($str);
        else return $this->sql_escape($str);
    }

    function weak_escape($str) {
        return addslashes($str);
    }

    function sql_escape($str) {
        return mysql_real_escape_string($str);
    }

    function prepare($query) {
        $args = func_get_args();
        array_shift($args);
        array_walk($args, array(&$this, 'escape'));
        return vsprintf($query, $args);
    }
}

$db = new Database();
$username = "someone";
$status = "I'm doing good!";
echo $db->prepare("UPDATE table_name SET status='%s' WHERE username='%s'", $status, $username);
?>
6
  • I think it should be like this: $db = new Database(); And I am pretty sure, if not already, real soon passing by reference is deprecated. Commented May 7, 2011 at 0:47
  • Yeah that is just my bad habit, in the final code it has variables there, when typing it in to this website I forgot that part. Thanks though, I fixed the example above. Obviously that doesn't fix the issue though. Commented May 7, 2011 at 0:50
  • Where is the escape function being performed? Edit: Never mind, I see it. Though I don't think you need to use an & there. $this should already refer to the class, no? Commented May 7, 2011 at 0:54
  • I tried it with and without, and unfortunately it did not make a difference. Commented May 7, 2011 at 1:03
  • Your escape function is firing and working. Got something to do with other parts of your code. Commented May 7, 2011 at 1:12

3 Answers

2

I'd make my escape function static, 'cause it's the same for every instance:

class Database {
    static function escape($str) {
       return addslashes($str);
    }

    function prepare($query) {
      $args = func_get_args();
      array_shift($args);
      array_walk($args, array('Database', 'escape'));  //Look here
      return vsprintf($query, $args);
    }
}

Hope this helps. Cheers


1 Comment

I have a feeling that will work with the example I gave; however, in my actual code it doesn't work because within function escape($str) it makes a $this reference to another method within the class. Let me try to update my example above to show what I mean.
1

You'll need to modify the argument (reference of array-item); this isn't done if you return it:

function escape(&$str)
{
  $str=addslashes($str);
}

1 Comment

That ended up doing the trick. Thank you, normally I do that but I figured I would try to reduce the amount of code, however less code ended up hurting me. Normally I don't use the & but it obviously makes a difference.
1

Hope this is what you are looking for. I did this:

class Database {
    function escape($str) {
       return addslashes($str);
    }

    function prepare($query) {
        $args = func_get_args();
        $args[1] = $this->escape($args[1]);
        array_shift($args);
        array_walk($args, array($this, 'escape'));
        return vsprintf($query, $args);
    }
}

$db = new Database();
$username = "someone";
$status = "I'm doing good!";
print $db->prepare("UPDATE table_name SET status='%s' WHERE username='%s'", $status, $username);

Got result:

UPDATE table_name SET status='I\'m doing good!' WHERE username='someone'
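
As an added example (not code from the question or any answer), this shows why the question's array_walk() call left the quote unescaped, the by-reference fix from the second answer, and the same UPDATE issued with bound parameters so that a skipped escape step cannot alter the statement. It assumes PHP 5.3+ with the pdo_sqlite extension; the check() helper and the sample values are constructed for illustration.

```php
<?php
// Added example, not from the thread. Constructed input with a single quote.
$args = array("I'm doing good!", "someone");

// Hypothetical helper: stop with an exception if a check does not hold.
function check($cond, $what) {
    if (!$cond) { throw new RuntimeException("check failed: $what"); }
    echo "ok: $what\n";
}

// 1) Return-value callback, as in the question: array_walk() discards the
//    callback's return value, so the array still holds the raw strings.
$walked = $args;
array_walk($walked, function ($v) { return addslashes($v); });
check($walked[0] === "I'm doing good!", "array_walk + return leaves value unescaped");

// 2) By-reference callback, as in the second answer: each element is
//    modified in place.
$byRef = $args;
array_walk($byRef, function (&$v) { $v = addslashes($v); });
check($byRef[0] === "I\\'m doing good!", "array_walk + reference escapes in place");

// 3) array_map() collects the return values into a new array.
$mapped = array_map('addslashes', $args);
check($mapped === $byRef, "array_map matches the by-reference walk");

// 4) Bound parameters (assumption: pdo_sqlite is available; in-memory DB).
//    Values travel separately from the SQL text, so no escaping step exists
//    to be silently skipped.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE table_name (username TEXT PRIMARY KEY, status TEXT)");
$pdo->exec("INSERT INTO table_name (username, status) VALUES ('someone', '')");

$stmt = $pdo->prepare("UPDATE table_name SET status = ? WHERE username = ?");
$stmt->execute($args);

$stored = $pdo->query("SELECT status FROM table_name WHERE username = 'someone'")
              ->fetchColumn();
check($stored === "I'm doing good!", "bound value stored verbatim, quote included");
```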
