<?php

class Database {
  var $conn;

  function database() {
    $this->conn = mysql_connect(DB_HOST,DB_USER,DB_PASS);
    mysql_select_db(DB_NAME,$this->conn);
  }

  function query() {
    global $errors;
    $args = func_get_args();
    $queryar = explode('?',$args[0]);
    if (count($queryar) != count($args)) {
      $errors->add('Incorrect number of params to Database->query()');
      return;
    }
    $query = '';
    foreach ($queryar as $k => $qpart) {
      $query .= $qpart;
      if (isset($args[$k+1])) {
        $query .= $this->sanitize($args[$k+1]);
      }
    }
    $resource = mysql_query($query,$this->conn);
    if (preg_match('/^select /i',$query) || preg_match('/^desc /i',$query)) {
      $return = array();
      while (($row = mysql_fetch_assoc($resource)) !== false) {
        $return[] = $row;
      }
    } else {
      $return = $resource;
    }
    return $return;
  }

  function sanitize($str) {
    $str = "'".mysql_real_escape_string($str,$this->conn)."'";
    return $str;
  }
  
}

?>