🕸Fergus Duniho wrote on Wed, Apr 18, 2018 04:07 PM UTC:
I have just expanded the capabilities of table_row() and table_rows() from index/fpd-indexing-funcs.php. These two functions generate a prepared SQL SELECT statement and execute it with PDO. The former returns the first row found, and the latter returns an array of all rows found. On failure, each returns false. All changes to them are backwards compatible with previous uses of them, so that no code is broken by the changes. The main change is that I adapted them both to accept a variable number of arguments. Previously, they could accept a single column/value pair in the second and third argument places. They can now accept any number of column/value pairs or even none at all. Each column/value pair will take up two arguments, listed one after the other. The column name should come first, followed by the value name. Every column/value pair will be added to the WHERE clause. They should be placed after the first argument, which is the table name. If there is a last unpaired argument, its value will be appended to the generated SQL as is. This is the same as before, except that it is not always the fourth argument anymore. To avoid the risk of SQL injection, only the values of columns should be used with data entered by users. The table name, the column names, and the last unpaired argument should not be copied from user-entered data.
I have just expanded the capabilities of table_row() and table_rows() from index/fpd-indexing-funcs.php. These two functions generate a prepared SQL SELECT statement and execute it with PDO. The former returns the first row found, and the latter returns an array of all rows found. On failure, each returns false. All changes to them are backwards compatible with previous uses of them, so that no code is broken by the changes. The main change is that I adapted them both to accept a variable number of arguments. Previously, they could accept a single column/value pair in the second and third argument places. They can now accept any number of column/value pairs or even none at all. Each column/value pair will take up two arguments, listed one after the other. The column name should come first, followed by the value name. Every column/value pair will be added to the WHERE clause. They should be placed after the first argument, which is the table name. If there is a last unpaired argument, its value will be appended to the generated SQL as is. This is the same as before, except that it is not always the fourth argument anymore. To avoid the risk of SQL injection, only the values of columns should be used with data entered by users. The table name, the column names, and the last unpaired argument should not be copied from user-entered data.