prevent database update when no where statement found

[eluser]a&w[/eluser]
Thanks for the reply, but with all due respect, you missed my point. I realize it is my mistake. I was asking to see if someone came up with some kind of error check or class modification to prevent that.

Basically before doing any update statement, kill the update if no "where" portion of the query has been provided. This would be a collosal blunder on a production site should someone make some errant mistake like this.

I added:

Code:

if ($this->restrict_no_where)
{
    return $sql = '';
}

to the appropriate db driver (mysqli_driver, etc) to illustrate my point. I could add that property to the config for that database or overwrite where needed perhaps.

Code:

/**
     * Update statement
     *
     * Generates a platform-specific update string from the supplied data
     *
     * @access    public
     * @param    string    the table name
     * @param    array    the update data
     * @param    array    the where clause
     * @param    array    the orderby clause
     * @param    array    the limit clause
     * @return    string
     */
    function _update($table, $values, $where, $orderby = array(), $limit = FALSE)
    {
        foreach($values as $key => $val)
        {
            $valstr[] = $key." = ".$val;
        }
        
        $limit = ( ! $limit) ? '' : ' LIMIT '.$limit;
        
        $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):'';
    
        $sql = "UPDATE ".$table." SET ".implode(', ', $valstr);
/*CHANGE*/
        if (!$where && $this->restrict_no_where)
        {
            return $sql = '';
        }
/*CHANGE*/
        else
        {
            $sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : '';
        
        }
        
        $sql .= $orderby.$limit;
        
        return $sql;
    }