//The general rule with the database access is, call $database->query if there is no user input //involved, or $database->safe_query if user input is involved. safe_query will use SafeSQL //fuctions to sanitise the data (make it safe) before entering it into the database. require 'SafeSQL.class.php'; $SafeSQL = new SafeSQL_MySQL; class class_database { var $connection = ""; var $query = ""; var $query_count = 0; var $record_row = array(); function connect($host, $user, $pass, $database){ $this->connection = mysql_connect($host, $user, $pass); mysql_select_db($database, $this->connection) or trigger_error("Database not found: $database", E_USER_WARNING); return $this->connection; } function disconnect() { return mysql_close($this->connection); } function safe_query($query_string, $query_vars, $file = "Unknown", $line = "Unknown") { global $SafeSQL; $query_fixed = $SafeSQL->query($query_string, $query_vars); return $this->query($query_fixed, $file, $line); } function query($query_string, $file = "Unknown", $line = "Unknown") { //$handle = fopen("./test.txt", "a"); //fwrite($handle, $query_string."\r\n\r\n"); //fclose($handle); $this->query = mysql_query($query_string, $this->connection) or trigger_error("Error while perfoming query '$query_string': ".mysql_error($this->connection)."

File: $file
Line: $line"); $this->query_count++; return $this->query; } function fetch_row($query_id = "") { if ($query_id == "") $query_id = $this->query; $this->record_row = mysql_fetch_array($query_id, MYSQL_ASSOC); return $this->record_row; } function get_affected_rows() { return mysql_affected_rows($this->connection); } function get_num_rows($query_id = "") { if ($query_id == "") $query_id = $this->query; return mysql_num_rows($query_id); } function get_insert_id() { return mysql_insert_id($this->connection); } function get_query_cnt() { return $this->query_count; } } ?>