Heim >php教程 >php手册 >mysql数据库连接程序

mysql数据库连接程序

WBOY
WBOYOriginal
2016-06-13 10:08:13858Durchsuche

mysql教程数据库教程连接程序
这里提供的数据库连接类程序,后面还提供了一个sql安全检测函数与sql语句完整性检测函数。*/

class db_mysql {
 var $connid;
 var $querynum = 0;
 var $expires;
 var $cursor = 0;
 var $cache_id = '';
 var $cache_file = '';
 var $cache_expires = '';
 var $halt = 0;
 var $result = array();

 function connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect = 0) {
  global $cfg;
  $this->expires = $cfg['db_expires'];
  $func = $pconnect == 1 ? 'mysql_pconnect' : 'mysql_connect';
  if(!$this->connid = $func($dbhost, $dbuser, $dbpw)) {
   $this->halt('can not connect to mysql server');
  }
  if($this->version() > '4.1' && $cfg['db_charset']) {
   mysql_query("set names '".$cfg['db_charset']."'" , $this->connid);
  }
  if($this->version() > '5.0') {
   mysql_query("set sql_mode=''" , $this->connid);
  }
  if($dbname) {
   if(!mysql_select_db($dbname , $this->connid)) {
    $this->halt('cannot use database '.$dbname);
   }
  }
  return $this->connid;
 }

 function select_db($dbname) {
  return mysql_select_db($dbname , $this->connid);
 }

 function query($sql , $type = '', $expires = 0, $save_id = false) {
        $sql=checksql($sql);
  if($type == 'cache' && stristr($sql, 'select')) {
   $this->cursor = 0;
   $this->cache_id = md5($sql);
   $this->result = array();
   $this->cache_expires = $expires ? $expires + mt_rand(-9, 9) : $this->expires;
   return $this->_query($sql);
  }
  if(!$save_id) $this->cache_id = 0;
  $func = $type == 'unbuffered' ? 'mysql_unbuffered_query' : 'mysql_query';
  if(!($query = $func($sql , $this->connid)) && $this->halt) {
   $this->halt('mysql query error', $sql);
  }
  $this->querynum++;
  return $query;
 }

 function get_one($sql, $type = '', $expires = 0) {
  $query = $this->query($sql, $type, $expires);
  $r = $this->fetch_array($query);
  $this->free_result($query);
  return $r ;
 }
 
 function counter($table, $condition = '', $type = '', $expires = 0) {
  global $cfg;
  $table = strpos($table, $cfg['tb_pre']) === false ? $cfg['tb_pre'].$table : $table;
  $sql = "select count(*) as num from {$table}";
  if($condition) $sql .= " where $condition";
  $r = $this->get_one($sql, $type, $expires);
  return $r ? $r['num'] : 0;
 }

 function fetch_array($query, $result_type = mysql_assoc) {
  return $this->cache_id ? $this->_fetch_array($query) : @mysql_fetch_array($query, $result_type);
 }

 function affected_rows() {
  return mysql_affected_rows($this->connid);
 }

 function num_rows($query) {
  return mysql_num_rows($query);
 }

 function num_fields($query) {
  return mysql_num_fields($query);
 }
 function escape_string($str){
  return mysql_escape_string($str);
 }
 function result($query, $row) {
  return @mysql_result($query, $row);
 }

 function free_result($query) {
  return @mysql_free_result($query);
 }

 function insert_id() {
  return mysql_insert_id($this->connid);
 }

 function fetch_row($query) {
  return mysql_fetch_row($query);
 }

 function version() {
  return mysql_get_server_info($this->connid);
 }

 function close() {
  return mysql_close($this->connid);
 }

 function error() {
  return @mysql_error($this->connid);
 }

 function errno() {
  return intval(@mysql_errno($this->connid)) ;
 }

 function halt($message = '', $sql = '') {
  global $cfg;
  if($message) {
   if($cfg['errlog']) {
    $log = "query:$sql|errno:".$this->errno()."|error:".$this->error()."|errmsg:$message";
    log_write($log, 'sql');
   }
  }
        showmsg("mysqlerror:$message",'-1');
        exit();
 }

 function _query($sql) {
  global $fr_time;
  $this->cache_file = cache_root.'/sql/'.substr($this->cache_id, 0, 2).'/'.$this->cache_id.'.php教程';
  if(!is_file($this->cache_file) || ($fr_time - @filemtime($this->cache_file) > $this->cache_expires)) {
   $tmp = array();
   $result = $this->query($sql, '', '', true);
   while($r = mysql_fetch_array($result, mysql_assoc)) {
    $tmp[] = $r;
   }
   $this->result = $tmp;
   $this->free_result($result);
   file_put($this->cache_file, "cache_expires)."*/ return ".var_export($this->result, true).";n?>");
  } else {
      $this->result = include $this->cache_file;
  }
  return $this->result;
 }

 function _fetch_array($query = array()) {
  if($query) $this->result = $query;
  if(isset($this->result[$this->cursor])) {
   return $this->result[$this->cursor++];
  } else {
   $this->cursor = $this->cache_id = 0;
   return array();
  }
 }
}

function checksql($dbstr,$querytype='select'){
 $clean = '';
 $old_pos = 0;
 $pos = -1;
 //普通语句,直接过滤特殊语法
 if($querytype=='select'){
  $nastr = "/[^0-9a-z@._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@.-]{1,}/i";
  if(preg_match($nastr,$dbstr)){
            log_write($dbstr,'sql');
            showmsg('safeerror:10001', '网页特效:;');
            exit();
  }
 }
 //完整的sql检查
 while (true){
  $pos = strpos($dbstr, ''', $pos + 1);
  if ($pos === false){
   break;
  }
  $clean .= substr($dbstr, $old_pos, $pos - $old_pos);
  while (true){
   $pos1 = strpos($dbstr, ''', $pos + 1);
   $pos2 = strpos($dbstr, '', $pos + 1);
   if ($pos1 === false){
    break;
   }
   elseif ($pos2 == false || $pos2 > $pos1){
    $pos = $pos1;
    break;
   }
   $pos = $pos2 + 1;
  }
  $clean .= '$s$';
  $old_pos = $pos + 1;
 }
 $clean .= substr($dbstr, $old_pos);
 $clean = trim(strtolower(preg_replace(array('~s+~s' ), array(' '), $clean)));
 if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, '#') !== false){
  $fail = true;
 }
 elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'load_file') !== false && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'into outfile') !== false && preg_match('~(^|[^a-z])intos+outfile($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (preg_match('~([^)]*?select~s', $clean) != 0){
  $fail = true;
 }
 if (!empty($fail)){
        log_write($dbstr,'sql');
        showmsg('safeerror:10002', 'javascript:;');exit;
 }
 else
 {
  return $dbstr;
 }
}

Stellungnahme:
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn