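// Usage example for the database abstraction layer: escape request input,
// run a query, then print the result rows in several formats.

// Load the abstraction layer. require_once halts here if the file is missing,
// rather than continuing and failing on the DB:: call below.
require_once 'database.class.php';
// Get instance of DB
$DB = DB::getInstance("database");
// Untrusted request value to be used in the query ('' when the parameter is absent)
$var = isset($_GET['var']) ? $_GET['var'] : '';
// Escaped copy of the value.
// NOTE(review): prepare() is used here as an escaping helper, not as a prepared
// statement. The query below is still assembled by string interpolation, so it
// is only as safe as this escaping and the quotes around the value. If the
// layer offers bound parameters, prefer them; confirm against database.class.php.
$clean_var = $DB->prepare($var);
// Untrusted array of request values (the original `$_GET{'a']` was a parse error)
$arr = array(
    isset($_GET['a']) ? $_GET['a'] : '',
    isset($_GET['b']) ? $_GET['b'] : '',
);
// Escaped copy of the array; prepare() is called with an array here as well
$clean_arr = $DB->prepare($arr);
// Query DB, return object format. Only the escaped value is interpolated, and it
// must stay inside the single quotes: escaping does not protect an unquoted value.
$result = $DB->query("SELECT * FROM table WHERE var='$clean_var'", "OBJ");
// Iterate over the rows, echoing an escaped column value.
// NOTE(review): which context escape() targets is not visible here. Since the
// value is echoed into the page, confirm that it HTML-encodes.
foreach ($result->rows as $row) {
    echo $row->escape('first_name');
}
// Show results in report format as HTML.
// NOTE(review): confirm asHTML() encodes cell values, since rows can hold stored user input.
echo $result->asHTML();
// Return results in XML format
echo $result->asXML();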