Hello,
How can I add a SQL function that takes parameters in the query?
<?php
function CreateUser($username, $email, $password)
{
    $connection = dibi::getConnection('Server');
    $insert = array(
        'username' => strtoupper($username),
        'pass' => "SHA1('" . strtoupper($username) . ":" . strtoupper($password) . "')",
        'email' => $email,
    );
    $connection->query("INSERT INTO users ", $insert);
    return;
}

CreateUser("test", "test@hotmail.com", "mypass123'%=,.");
?>
The problem is with the pass. If I just add the string, it will escape the SHA1(' part too. SHA(\\' so in the end I end up with loads of \\ and the query not working.
If I do
<?php
new DibiVariable("SHA1('" . strtoupper($username) . ":" . strtoupper($password) . "')", "sql"),
?>
instead, it will not get escaped. And I can't use $connection->getDriver()->escape($username, dibi::TEXT) because that requires a connection to the server already established, and I want the connection setting lazy = true.
Thanks for any help!
You can use this:
$insert = array(
    'username' => strtoupper($username),
    'pass%sql' => array('SHA1(%s)', strtoupper("$username:$password")), // or only 'pass' => in last revision
    'email' => $email,
);