colshrapnel

Results 33 comments of colshrapnel

Ugh. It seems I know how I'll spend the upcoming holiday. I need to explore it through. But before I start, can you please take a look at http://stackoverflow.com/questions/22266311/to-parse-sql-with-regex-excluding-quoted-literals or...

I can't seem to be able to reproduce your code. It does raise an error, which is still a bad thing, but it doesn't allow injection either. Here it goes:...

@Alphapixels unfortunately, there is too much garbage among these changes. One should never mix critical changes and just code prettifying in the same commit. Also, some changes can be questioned....

It is indeed a shame on me. I didn't make it possible for the array with parameters. I am already aware of the problem and planning for the new version....

Although technically you are right, it shouldn't be an issue, as you shouldn't use getOne() with a query that returns more than 1 row. Adding LIMIT 1 to your query...

To be honest, I decided to benchmark both variants on the simple code given below. And with your variant it took me twice as long - 0.24 sec versus 0.122... ```...

@pietuchowski Thank you for this PR. I appreciate its simplicity, but in general it contradicts the lib's ideology. For now the rules are plain and simple: MySQL functions are...

@AlexMerser21 this is an utterly wrong example. The point of the library is to use a placeholder for **every** dynamic value. While `keys` and `values` are obviously supposed to be...

In your example some variables were going into the query as is - without any formatting.

@laughtingman just use the `insertId()` method. I.e. `$sql = "INSERT INTO ....)"; $db->query($sql, $value); $id = $db->insertId();`