Ryan proposed these methods to me. I cleaned them up a bit and added sanitization.
/**
* Insert an array of data into a table
* @param string $table WARNING: not sanitized!
* @param array $data should not already be SQL-escaped
* @return mixed results of $this->query()
*/
function insert($table, $data) {
$data = add_magic_quotes($data);
$fields = array_keys($data);
return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
}
/**
* Update a row in the table with an array of data
* @param string $table WARNING: not sanitized!
* @param array $data should not already be SQL-escaped
* @param string $where_col the column of the WHERE statement. WARNING: not sanitized!
* @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped.
* @return mixed results of $this->query()
*/
function update($table, $data, $where_col, $where_val){
$data = add_magic_quotes($data);
$bits = array();
foreach ( array_keys($data) as $k )
$bits[] = "`$k`='$data[$k]'";
$where_val = $this->escape($where_val);
return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
}
First place to use this is in wp_insert_post()
