Values is just the same as any other db method...

array( 'foo' => 'b"ar', 'baz=bar' ) outputs foo = 'b"ar' AND baz=bar When you pass a string it is just outputted directly, in key/value pairs in an array the key is the field name, and the value is the value (it will be escaped by the database class), though a item in an array without a key will also be outputted raw, though it'll be put in between ANDs.

I strongly recommend making use of the key=>value array pairs. The only reason not to use them is if you are doing something complex involving multiple fields, aliases, or things like greaterthan/lessthan...

INs are handled natively as well...

array( 'foo' => array( 'bar', 'baz' ) ) outputs foo IN( 'bar', 'baz' )

And yes, there is a escape function inside the database class. Just take a look through the class and you'll see what methods you have to use.

~Daniel Friesen(Dantman, Nadir-Seen-Fire) of: -The Nadir-Point Group (http://nadir-point.com) --It's Wiki-Tools subgroup (http://wiki-tools.com) --The ElectronicMe project (http://electronic-me.org) --Games-G.P.S. (http://ggps.org) -And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG) --Animepedia (http://anime.wikia.com) --Narutopedia (http://naruto.wikia.com)

GF wrote:

Database::update ( $ table, $ values, $ conds, $ fname = 'Database::update', $ options = array() )

UPDATE wrapper, takes a condition array and a SET array.

Parameters: string $table The table to UPDATE array $values An array of values to SET array $conds An array of conditions (WHERE). Use '*' to update all rows. string $fname The Class::Function calling this function (for the log) array $options An array of UPDATE options, can be one or more of IGNORE, LOW_PRIORITY

Should I pass $values already escaped? Should I use some function indipendent from the db to escape it? I can do it with mysql php escaping function, but I think it's no good to use a DB specific function there... or isn't?

thank you.