Adapter for working with the database

This is a class method for working with a database. The question is what is the design for?
($key . ”) ?

   public function Insert($table, $object)
{           
    $columns = array();
    $values = array();
    foreach ($object as $key => $value)
    {
        $key = mysql_real_escape_string($key . '');
        $columns[] = $key;
        if ($value === null)
        {
            $values[] = 'NULL';
        }
        else
        {
            $value = mysql_real_escape_string($value . '');                         
            $values[] = "'$value'";
        }
    }
    $columns_s = implode(',', $columns);
    $values_s = implode(',', $values);
    $query = "INSERT INTO $table ($columns_s) VALUES ($values_s)";
    $result = mysql_query($query);
    if (!$result)
        die(mysql_error());
    return mysql_insert_id();
}

Answer 1, authority 100%

It appears to be $key . ''is just a type conversion of a variable to a string. Why this is needed in a particular case is not clear: PHP itself can convert types. Apparently, for clarity.


Answer 2

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )

Escapes special characters in an unescaped_string, taking into account the connection encoding, so that the result can be safely used in an SQL query in the mysql_query() function. If binary data is inserted, then this function must also be applied to them.

mysql_real_escape_string() calls the MySQL library function mysql_real_escape_string, which appends a backslash to the following characters: x00, n, r, , ‘, ” and x1a.

This function should always (with a few exceptions) be used in order to secure data inserted into a query before it is sent to MySQL.

use google at least sometimes


Answer 3

http://php.net/manual/ru/function.mysql-real-escape-string.php