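// Syntax: xquery($query_template_text, $argument's_1_value, $argument's_2_value, ...)
//     or: xquery(array($query_template_text, $argument's_1_value, ...))
// Special characters for a query template:
//   ^@TableName - the combination ^@ is replaced with the table prefix
//   ^N - numeric parameter (is not quoted)
//   ^S - string parameter (is quoted)
//   ^0 - "NULL" or "NOT NULL"
// (c) Kamnev Artjom (Kamnium), Mesilov Maxim (Severus)
// http://life.screenshots.ru
// When the query succeeds, returns a Recordset for SELECT or True for others.
// When an error occurs, returns False.

// PRIVATE! Replaces the two-character special combination that starts at
// offset $pos in $qtext with the string $with and returns the new text.
function repl($qtext, $pos, $with){
    return substr($qtext, 0, $pos) . $with . substr($qtext, $pos+2);
}// End of repl

// Expands the query template (see the syntax notes above) and runs it with
// mysql_query(). Returns false without touching the database when the
// template is empty, when it names more parameters than were passed, or when
// a parameter does not fit its placeholder.
//
// NOTE(review): this builds SQL text by substitution. Parameterised
// statements (mysqli / PDO) are the durable fix, and the mysql_* extension
// used here was removed in PHP 7.0.
function xquery(){
    global $opt_debug_mode;
    global $opt_debug_show_sql;
    global $opt_table_prefix; // getting prefix from the site's options

    // Arguments come either as a plain list or as one array in first position.
    // Reading func_get_args() first avoids calling func_get_arg(0) when the
    // function was invoked with no arguments at all.
    $args = func_get_args();
    if (count($args) > 0 && is_array($args[0])){
        $args = $args[0];
    }
    if (empty($args[0])){
        return false; // Hmm, nothing to do!
    }
    $qtext = $args[0]; // the first argument is always query template text

    $qtext = str_replace('^@', $opt_table_prefix.'_', $qtext); // replacing with table prefixes

    // NOTE(review): on this page the loop condition and the test for '^' were
    // lost (the text between '<' and '>' is missing). They are reconstructed
    // from the surviving "else { $i++; }" branch and the "too many
    // parameters" comment; confirm against the original file.
    $i = 0;
    $curArg = 1;
    while ($i < strlen($qtext)){
        if ($qtext[$i] !== '^'){
            $i++;
            continue;
        }
        if ($curArg >= count($args)){
            return false; // too many parameters in the query template!
        }

        $value = $args[$curArg];
        // A '^' at the very end of the template has no type character.
        $kind = ($i + 1 < strlen($qtext)) ? $qtext[$i + 1] : '';

        if ($kind === 'N'){
            if (is_null($value)){
                $replacement = 'NULL';
            }elseif (!is_numeric($value)){
                return false; // incorrect parameter, numbers only!
            }else{
                $replacement = (string)$value;
            }
        }elseif ($kind === 'S'){
            if (is_null($value)){
                $replacement = 'NULL';
            }elseif (is_array($value)){
                return false; // incorrect parameter, a single value is expected
            }else{
                // Kept from the original: callers and stored data may rely on
                // this normalisation of apostrophes and carets.
                $value = str_replace("'", "`", $value);
                $value = str_replace('^', '!', $value);
                // Swapping ' for ` leaves the backslash and other special
                // bytes untouched, so the value could still change how the
                // quoted literal is read. Escape it with the connection-aware
                // function of the same extension that runs the query.
                $value = mysql_real_escape_string($value);
                if ($value === false){
                    return false; // escaping failed (no usable connection)
                }
                $replacement = "'" . $value . "'";
            }
        }elseif ($kind === '0'){
            if (is_null($value) || !is_string($value)){
                return false; // incorrect parameter, nulls are not allowed!
            }
            $value = strtoupper($value);
            if ( ($value !== 'NULL') && ($value !== 'NOT NULL') ){
                return false; // incorrect parameter, "NULL" or "NOT NULL" only!
            }
            $replacement = $value;
        }else{
            $replacement = ' '; // hmm, don't worry, Kamnium waits for some new ideas!
        }

        $qtext = repl($qtext, $i, $replacement);
        // Step over the inserted text so that parameter values are never
        // scanned for placeholders themselves.
        $i += strlen($replacement);
        $curArg++;
    }

    // Debug output echoes the full SQL text (and, below, the database error)
    // to the page; keep both options off outside development.
    if ($opt_debug_show_sql == 1){
        print('

Query string: '.$qtext.'

'."\r\n");
    }

    $ResultData = mysql_query($qtext);
    if (mysql_errno() != 0){
        if ($opt_debug_mode == 1){
            printRN('

MySQL error: #'.mysql_errno().': '.mysql_error().'
');
            printRN('Query string: '.$qtext.'

');
        }
    }
    return $ResultData;
}// End of xquery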