Does something like that exist?
db_insert?
Returns NULL to me. Should db_insert return the full sql string is uses for insert?
http://dev.simplemachines.org/smcfunctions.php
Use db_quote is discouraged (unless you have a good reason to, and even then it may be worth redo the code to use a plain db_query).
db_insert is completely different and if you want t support the different dbms SMF supports (MySQL, PostgreSQL and SQLite) it is the one to use.
I'm not sure why you want to have the string (since db_insert takes care of everything (really) just passing a couple of arrays), so... I can't give you a meaningful answer, sorry. ;)
Herman the db functions are better documented at http://wiki.simplemachines.org/smf/$smcFunc (http://wiki.simplemachines.org/smf/$smcFunc)
Thanks for your patience, but I did not ask about what's good or bad or where I can find a list of db functions. I asked how to get the sql string created by db_insert (without grabbing it manually from the place it is created)? I guess, there is no "Does not execute the query, Formats as if it where going to be and returns the string.". Correct?
Well, at the end of the day, for MySQL, the "final" insert is really in Sources/Subs-Db-mysql.php
// Do the insert.
$smcFunc['db_query']('', '
' . $queryTitle . ' INTO ' . $table . '(`' . implode('`, `', $indexed_columns) . '`)
VALUES
' . implode(',
', $insertRows),
array(
'security_override' => true,
'db_error_skip' => $table === $db_prefix . 'log_errors',
),
$connection
);
You can't get a complete string, but you can edit that funcion and maybe build a string with the passed variables...
Or, if you add $db_show_debug=true; in Settings.php it shows you the query (not so sure for an insert, since the page has to reload...)
Yeah. Found this too. Did some search for a maybe not documented function before, but without success. Now I know that I have to do it manually. Thank you. :)
I know what you asked and what you didn't, and I know what I wanted to answer. ;)
A query is a query, and if you know how to use db_quote, you already know how to use it for whatever you want. If you don't (in my book) it may mean you don't know very well db_quote and so it is potentially dangerous to explain you how to SQLinject your own site. (Even SMF has a bug of that level for bad usage of db_quote (or lack of usage, I don't remember the details) and addslashes, so it's not that I'm considering you a noob, it's that it can be very tricky. ;))
Can you show me how to use db_qoute on db_insert WITHOUT altering the code of SMF, please?
You can use db_quote with a regular, complete instruction with INSERTO INTO or whatever. The only problem is that you might loose cross-database compatibility because you'll use probably MySQL syntax. But you can perfectly use INSERT INTO instead of the regular SELECT.