有什么不足之处请大家多提意见，呵呵，特别是性能和安全方面^_^ 其中防止跨站攻击的功能还没做，还没想到好的方法。
使用实例:
// find(): table, condition, field list, order, limit and offset are passed as separate arguments
$data = $this->find($this->table,$this->condition,$this->select_fields,$this->order_by,$this->limit,$offset);
// findBySql(): runs an already-assembled SQL string as-is
$data = $this->findBySql($this->sql);
// insertData(): column => value map; the return value is the affected-row count
$insert_row = $this->insertData('TB_TEST',array('test_name' => "o'k",'test_time' => date("Y-m-d H:i:s")));
// updateData(): values to set, then the condition map; returns the affected-row count
$update_row = $this->updateData('TB_TEST',array('test_name' => 'update','test_time' => date("Y-m-d H:i:s")),array('test_id' => 30));
// deleteData(): the condition value comes straight from $_GET, so it is request data and must be
// passed through the condition array (handled by the library as a value), never pasted into a raw SQL string
$delete_row = $this->deleteData('TB_TEST',array('test_id' => $_GET['test_id']));
db.php:
<?php
require_once(LIB_DIR.'class/safer'.PHP_EXT);
class Db extends Safer
{
/**
* 获取数据库访问对象
*/
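/**
 * 获取数据库访问对象
 *
 * Opens a PDO connection from the settings in db_config ($db['type'], host,
 * database, user, password, persistent). The DSN carries no charset, so the
 * connection uses the server/driver default — confirm that matches the
 * application's encoding.
 *
 * On failure the driver message is written to the error log only; it can
 * contain the host, user name and other connection details, so it is never
 * sent to the client. The process then exits, as before.
 *
 * @return PDO
 */
public function connDb() {
    include(LIB_DIR.CONFIG_DIR.'db_config'.PHP_EXT);
    $dsn = $db['type'].':host='.$db['host'].';dbname='.$db['database'];
    try {
        return new PDO($dsn, $db['user'], $db['password'], array(PDO::ATTR_PERSISTENT => $db['persistent']));
    } catch (PDOException $e) {
        // Keep the real reason server-side; the previous version printed it into the response.
        error_log('Db::connDb: '.$e->getMessage());
        print "Error: database connection failed\n";
        die();
    }
}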
/**
* 新增数据
*/
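/**
 * 新增数据
 *
 * Inserts one row into $table with a prepared statement.
 *
 * @param string $table table name. It is interpolated verbatim into the SQL,
 *                      so it must come from code, never from request input.
 * @param array  $data  column => value. Keys are interpolated verbatim (same
 *                      caveat as $table); values are bound as parameters and
 *                      never spliced into the SQL text. Entries whose value is
 *                      null or '' are omitted so the column keeps its default;
 *                      0 and '0' are inserted (the old !empty() test dropped them).
 * @return int|false    affected-row count, or false when the statement fails
 */
public function insertData($table,$data) {
    $fields = array();
    $values = array();
    foreach($data as $inx => $val){
        // The previous comma bookkeeping also produced "a,b," whenever the last
        // entry was skipped; implode() below cannot.
        if($val === null || $val === ''){
            continue;
        }
        $fields[] = $inx;
        $values[] = $val;
    }
    $placeholders = rtrim(str_repeat("?,", count($values)), ",");
    $sql = "insert into ".$table." (".implode(",", $fields).") values (".$placeholders.")";
    $stmt = $this->db->prepare($sql);
    if($stmt === false || !$stmt->execute($values)){
        // PDO's default error mode reports failure by return value, not exception.
        return false;
    }
    return $stmt->rowCount();
}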
/**
* 更新数据
*/
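/**
 * 更新数据
 *
 * Updates the rows of $table matching $condition with a prepared statement.
 *
 * @param string       $table     table name; interpolated verbatim, must come from code
 * @param array        $data      column => value to set. Keys are interpolated
 *                                verbatim; values are bound. null and '' entries
 *                                are skipped; 0 and '0' are written (the old
 *                                !empty() test dropped them).
 * @param array|string $condition column => value map whose values are bound,
 *                                or a raw SQL fragment appended after "and" —
 *                                a raw fragment is the caller's responsibility
 *                                and must not contain request input.
 * @return int|false              affected-row count, or false when the statement fails
 */
public function updateData($table,$data,$condition){
    $sets = array();
    $params = array();
    foreach($data as $inx => $val){
        if($val === null || $val === ''){
            continue;
        }
        $sets[] = $inx."=?";
        $params[] = $val;
    }
    $sql = "update ".$table." set ".implode(",", $sets)." where 1";
    if($condition){
        if(is_array($condition)){
            foreach($condition as $c_inx => $c_val){
                // Previously the condition value was written into the SQL text unescaped.
                $sql .= " and ".$c_inx."=?";
                $params[] = $c_val;
            }
        }else{
            $sql .= " and ".$condition;
        }
    }
    // The debug `echo $sql;` is gone: it wrote the statement, data included, into the HTTP response.
    $stmt = $this->db->prepare($sql);
    if($stmt === false || !$stmt->execute($params)){
        return false;
    }
    return $stmt->rowCount();
}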
/**
* 根据sql查询数据
*/
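/**
 * 根据sql查询数据
 *
 * Runs $sql as given and returns all rows as associative arrays. Every cell
 * is passed through unQuotes(), which HTML-encodes it (htmlentities); that is
 * output escaping applied at the data layer, so values used for anything other
 * than direct HTML output — or escaped again by a template — come out
 * double-encoded.
 *
 * @param string $sql complete statement; nothing is escaped or bound here, so
 *                    it must not be assembled from request input
 * @return array list of rows (column => encoded value)
 * @throws RuntimeException when the query fails (the previous version died with
 *                          a fatal error on the false return of query())
 */
public function findBySql($sql){
    $rs = $this->db->query($sql);
    if($rs === false){
        $info = $this->db->errorInfo();
        throw new RuntimeException('findBySql: query failed: '.(isset($info[2]) ? $info[2] : 'unknown error'));
    }
    $rs->setFetchMode(PDO::FETCH_ASSOC);
    $arr = $rs->fetchAll();
    foreach($arr as $inx => $val){
        $arr[$inx] = $this->unQuotes($val);
    }
    return $arr;
}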
/**
* 查询数据
*/
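/**
 * 查询数据
 *
 * Builds and runs a SELECT. Identifier parts (table and column names, aliases,
 * and every string-form argument) are interpolated verbatim and must come from
 * code; only the values of an array-form $condition are bound as parameters.
 *
 * @param string|array $table     table name, or alias => table rendered as "table alias"
 * @param string|array $condition column => value (values bound), or a raw SQL
 *                                fragment appended after "and"; '' for none
 * @param string|array $fields    column list string, or alias => column rendered as alias.column
 * @param string|array $order_by  order clause string, or alias => column
 * @param int|string   $limit     row count; cast to int, no LIMIT clause when falsy
 * @param int|string   $offset    start row; cast to int
 * @return array rows as returned by unQuotes(): column => HTML-encoded value
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
public function find($table,$condition='',$fields='*',$order_by='',$limit='',$offset=0){
    $params = array();
    $sql = "select ";
    if($fields){
        if(is_array($fields)){
            $parts = array();
            foreach($fields as $f_inx => $f_val){
                $parts[] = $f_inx.".".$f_val;
            }
            $sql .= implode(",", $parts);
        }else{
            $sql .= $fields;
        }
    }
    $sql .= " from ";
    if(is_array($table)){
        $parts = array();
        foreach($table as $t_inx => $t_val){
            $parts[] = $t_val." ".$t_inx;
        }
        $sql .= implode(",", $parts);
    }else{
        $sql .= $table;
    }
    $sql .= " where 1";
    if($condition){
        if(is_array($condition)){
            foreach($condition as $c_inx => $c_val){
                // Bound, not spliced: the previous version wrote the value into the SQL text unescaped.
                $sql .= " and ".$c_inx."=?";
                $params[] = $c_val;
            }
        }else{
            $sql .= " and ".$condition;
        }
    }
    if($order_by){
        if(is_array($order_by)){
            $parts = array();
            foreach($order_by as $o_inx => $o_val){
                $parts[] = $o_inx.".".$o_val;
            }
            $sql .= " order by ".implode(",", $parts);
        }else{
            $sql .= " order by ".$order_by;
        }
    }
    if($limit){
        // Casting guarantees only integers reach the LIMIT clause.
        $sql .= " limit ".(int)$offset.",".(int)$limit;
    }
    return $this->fetchRows($sql, $params);
}
/**
 * Prepares $sql, binds $params, and returns every row run through unQuotes()
 * (the same post-processing findBySql() applies).
 *
 * @param string $sql    statement with ? placeholders
 * @param array  $params positional values for the placeholders
 * @return array
 * @throws RuntimeException when prepare() or execute() fails
 */
private function fetchRows($sql, $params){
    $stmt = $this->db->prepare($sql);
    if($stmt === false || !$stmt->execute($params)){
        $info = ($stmt === false) ? $this->db->errorInfo() : $stmt->errorInfo();
        throw new RuntimeException('Db: query failed: '.(isset($info[2]) ? $info[2] : 'unknown error'));
    }
    $arr = $stmt->fetchAll(PDO::FETCH_ASSOC);
    foreach($arr as $inx => $val){
        $arr[$inx] = $this->unQuotes($val);
    }
    return $arr;
}
/**
 * 取得总记录数
 *
 * Counts the rows find() returns for $table/$condition. The previous version
 * wrote `$condition=''` and `$fields='*'` inside the call, which overwrote
 * both arguments and always counted the whole table.
 *
 * @param string|array $table     as for find()
 * @param string|array $condition as for find()
 * @param string|array $fields    as for find()
 * @return int
 */
public function getTotalRow($table,$condition='',$fields='*'){
    return count($this->find($table,$condition,$fields));
}
/**
 * 取得总记录数
 *
 * Counts the rows returned by findBySql($sql); the whole result set is fetched.
 *
 * @param string $sql complete statement, see findBySql()
 * @return int
 */
public function getTotalRowBySql($sql){
    return count($this->findBySql($sql));
}
/**
 * 删除
 *
 * Deletes the rows of $table matching $condition. With an empty $condition the
 * statement is "delete from <table> where 1" and removes every row, so callers
 * must always pass one.
 *
 * @param string       $table     table name; interpolated verbatim, must come from code
 * @param array|string $condition column => value map whose values are bound
 *                                (the previous version relied on addslashes),
 *                                or a raw SQL fragment that is the caller's
 *                                responsibility and must not contain request input
 * @return int|false              affected-row count, or false when the statement fails
 */
public function deleteData($table,$condition=''){
    $sql = "delete from ".$table." where 1";
    $params = array();
    if($condition){
        if(is_array($condition)){
            foreach($condition as $c_inx => $c_val){
                $sql .= " and ".$c_inx."=?";
                $params[] = $c_val;
            }
        }else{
            $sql .= " and ".$condition;
        }
    }
    $stmt = $this->db->prepare($sql);
    if($stmt === false || !$stmt->execute($params)){
        return false;
    }
    return $stmt->rowCount();
}
/**
 * 获得字段名称
 *
 * Not implemented: the body is empty and the method returns null.
 *
 * @param string $table
 * @param string $fields
 * @return null
 */
public function getFields($table,$fields='*') {
}
}
safer.php:
<?php
class Safer
{
    /**
     * 过滤输入
     *
     * Backslash-escapes quotes, backslashes and NUL in $content (recursively for
     * arrays, so nested request arrays are covered; addslashes() on an array
     * element used to raise a warning/TypeError). When the runtime still has
     * magic_quotes_gpc on (PHP < 5.4) the input is returned untouched, as it is
     * already escaped.
     *
     * This escaping is only meaningful when a value is spliced into a quoted SQL
     * literal; it is not a substitute for prepared statements.
     *
     * @param mixed $content string, scalar or (nested) array
     * @return mixed escaped value with the same array shape
     */
    public function quotes($content) {
        // get_magic_quotes_gpc() always returns false since 5.4, is deprecated in
        // 7.4 and removed in 8.0, so only consult it where it can still be on.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            return $content;
        }
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = $this->quotes($value);
            }
            return $content;
        }
        // (string) keeps null/int inputs behaving as before without a deprecation notice.
        return addslashes((string)$content);
    }
    /**
     * Escapes the $_GET and $_POST superglobals in place via quotes().
     * $_SESSION and $_COOKIE are deliberately left alone.
     *
     * @return void
     */
    public function quotesAll() {
        if (isset($_GET)) {
            $_GET = $this->quotes($_GET);
        }
        if (isset($_POST)) {
            $_POST = $this->quotes($_POST);
        }
    }
    /**
     * 转义输出
     *
     * HTML-encodes $content with htmlentities(ENT_QUOTES, UTF-8), recursively
     * for arrays. Meant for the HTML body/attribute context only; JS, URL and
     * CSS contexts need their own escaping.
     *
     * @param mixed $content string, scalar or (nested) array
     * @return mixed encoded value with the same array shape
     */
    public function unQuotes($content) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = $this->unQuotes($value);
            }
            return $content;
        }
        return htmlentities((string)$content, ENT_QUOTES, 'UTF-8');
    }
    /**
     * 过滤page变量
     *
     * Coerces a page parameter to a positive int, falling back to 1.
     *
     * @param mixed $page
     * @return int
     */
    public function quotesPage($page) {
        $n = intval($page);
        return $n > 0 ? $n : 1;
    }
    /**
     * 防止跨站攻击
     *
     * Not implemented: the body is empty and the method returns null, so no
     * cross-site check is performed yet. Callers must not treat it as a guard.
     *
     * @return null
     */
    public function isOtherPost() {
    }
}
?>
[ 本帖最后由 Ultrawind 于 2007-3-9 12:10 AM 编辑 ]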

