Thanks for all of the input, especially from Roja and Maugrim_The_Reaper.
feyd and jshpro2, I apologize for how I have been acting. I tend to be extremely defensive and sharp with people. So, again, I apologize.
feyd:
So here are the answers:
Yes, there are many database abstraction layers around. ADOdb is probably the most famous for PHP.
I don't see the point of using your script over something as feature rich and heavily used as ADOdb. Maybe you could shed some light.
I don't particularly like the entire query being generated for me, as it can be mildly unpredictable. So I can't really think of anything at the moment.
I haven't been doing this for very long, I don't know what a database abstraction layer is, to be honest.
I usually write everything I need myself. I don't always have the patience to search for things, and it is not always easy for me to find something to fit my needs. I regularly make simple pages and databases for things like news, members, and other tedious things. I don't want to have to remember and write the same code 10,000 times for similar jobs and I'm sure there are other people who don't either.
This script really is designed for simple things like the ones mentioned above; instead of writing the same 10 lines over and over, you can initialize a class and call a function.
Roja:
The script is currently more a concept than a script. I'm still deciding how different things are going to work.
I tried to elaborate on its purpose with what I wrote to feyd. It's not meant to be an end-all solution to SQL vulnerabilities. I know I've misled a lot of people with the thread's title. Off the top of my head, the two main points of this program are: SQL generation and then execution, and injection prevention. If I wrote a script to handle SQL and didn't provide some kind of protection against injection, I would be a crappy developer.
I would appreciate it if people would keep in mind my experience level as well. I have scripted for games like Morrowind and Neverwinter Nights before PHP and just recently moved into web technologies. I did ASP/VBScript for two months, and PHP for around one month. There are a lot of things that have been mentioned in this thread that I have no previous knowledge of.
Other than what I have read, I do not know much about mysql_real_escape_string or data escaping. Whether mysql_real_escape_string works or not, there are still reasons I see to not use it.
Software changes. Sure, it works fine now but it might not later. I would rather have a script sitting around that I can fix in 5 minutes, than wait for PHP to be updated. At my job, time is something I normally don't have.
It may not be a great reason to have protection beyond mysql_real_escape_string() but the truth is, you can almost never have too much security. Too much security would be a chastity belt.
To be honest, you haven't explained what your script does in specific enough detail. As a general statement, I would trust a script written with clear purpose, by an established coder, and widely distributed more. That's not to say you can't fit all three in time, I'm just clarifying *my* criteria for interest, since you asked.
Ha, I can't fit into all three right now but it's okay because I am trying to get on my feet. Truthfully I usually keep to myself and my closest friends. This is the first forum I have posted on in upwards of 4 years.
I see people making this script out to be more complicated than I intended it to be in the first place. I am hoping that everyone is beginning to understand what this script is intended to do and what it isn't.
Maugrim:
I appreciate your input but most paragraphs, I finished only to hear a swooshing sound above my head.
You may not be at the OOP stage yet in learning PHP
I'm guessing no.