
php防sql注入类(php pdo防止sql注入的类)

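  class Model
  {
      /** Name of the table this model works on; set by the subclass, validated before every query. */
      protected $tableName = "";

      /** PDO connection handle. */
      protected $pOb;

      /**
       * Open the PDO connection described by the DB_* constants.
       *
       * The charset is part of the DSN instead of a trailing "SET NAMES", and
       * emulated prepares are switched off, so the MySQL server itself binds
       * every parameter. That is what turns the placeholders used below into a
       * real injection barrier rather than client-side string escaping.
       */
      public function __construct()
      {
          $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET;
          $this->pOb = new PDO($dsn, DB_USERNAME, DB_PASSWORD, [
              PDO::ATTR_EMULATE_PREPARES => false,
          ]);
      }

      /**
       * Validate a (possibly dot-qualified) SQL identifier and quote it with backticks.
       *
       * Table and column names cannot be bound as parameters, so when the keys
       * of the input arrays come straight from a request this whitelist is the
       * only thing standing between the caller and "id=1; drop table ...".
       * Only ASCII letters, digits and underscores are accepted per segment.
       *
       * @param  mixed $name
       * @return string  e.g. `users` or `u`.`id`
       * @throws InvalidArgumentException on anything that is not a plain identifier
       */
      private function quoteIdentifier($name)
      {
          $name = (string) $name;
          $parts = explode(".", $name);
          foreach ($parts as $part) {
              if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $part)) {
                  throw new InvalidArgumentException("Invalid SQL identifier: " . $name);
              }
          }
          return "`" . implode("`.`", $parts) . "`";
      }

      /**
       * Choose the PDO::PARAM_* type for a PHP value.
       *
       * Floats deliberately go out as strings: PDO has no float type and the
       * old PARAM_INT binding silently truncated 2.5 to 2.
       *
       * @param  mixed $value
       * @return int
       */
      private function paramType($value)
      {
          if (is_int($value)) {
              return PDO::PARAM_INT;
          }
          if (is_bool($value)) {
              return PDO::PARAM_BOOL;
          }
          if ($value === null) {
              return PDO::PARAM_NULL;
          }
          return PDO::PARAM_STR;
      }

      /**
       * Build the WHERE body from array(':col' => value, ...).
       *
       * The leading colon on the key is optional (a bare 'col' key used to
       * produce the always-true "col=col"). Conditions are equality tests
       * joined with AND, as before. Placeholders are generated (:w0, :w1, ...)
       * so they can never collide with the SET placeholders of update().
       *
       * @param  array $arrWhere
       * @return array  [string $sql, array $bindings]
       * @throws InvalidArgumentException on a bad column name
       */
      private function buildWhere(array $arrWhere)
      {
          $conditions = [];
          $bindings = [];
          $i = 0;
          foreach ($arrWhere as $key => $value) {
              $column = ltrim((string) $key, ':');
              $placeholder = ":w" . $i++;
              $conditions[] = $this->quoteIdentifier($column) . " = " . $placeholder;
              $bindings[$placeholder] = $value;
          }
          return [implode(" and ", $conditions), $bindings];
      }

      /**
       * Prepare, bind and execute one statement.
       *
       * bindValue() replaces the old bindParam()-on-variable-variables dance,
       * which bound by reference and could be re-pointed after binding.
       *
       * @param  string $sql
       * @param  array  $bindings  placeholder => value
       * @return PDOStatement|false  the executed statement, or false on failure
       */
      private function runStatement($sql, array $bindings)
      {
          $stmt = $this->pOb->prepare($sql);
          if ($stmt === false) {
              return false;
          }
          foreach ($bindings as $placeholder => $value) {
              $stmt->bindValue($placeholder, $value, $this->paramType($value));
          }
          return $stmt->execute() ? $stmt : false;
      }

      /**
       * Whitelist the column list of a SELECT: "*", "a, b" or "t.*, t.id".
       * Arbitrary expressions are rejected because they would be interpolated
       * unescaped into the query. An empty string selects all columns.
       *
       * @param  mixed $field
       * @return string
       * @throws InvalidArgumentException
       */
      private function fieldList($field)
      {
          $field = trim((string) $field);
          if ($field === "" || $field === "*") {
              return "*";
          }
          $quoted = [];
          foreach (explode(",", $field) as $item) {
              $item = trim($item);
              if (substr($item, -2) === ".*") {
                  $quoted[] = $this->quoteIdentifier(substr($item, 0, -2)) . ".*";
              } else {
                  $quoted[] = $this->quoteIdentifier($item);
              }
          }
          return implode(", ", $quoted);
      }

      /**
       * Whitelist an ORDER BY list: "col", "col desc", "a asc, b.c desc".
       * ORDER BY cannot take a bound parameter, so this is the only defence.
       *
       * @param  mixed $order
       * @return string
       * @throws InvalidArgumentException
       */
      private function orderList($order)
      {
          $quoted = [];
          foreach (explode(",", (string) $order) as $item) {
              $item = trim($item);
              if (!preg_match('/^([A-Za-z_][A-Za-z0-9_.]*)(?:\s+(asc|desc))?$/i', $item, $m)) {
                  throw new InvalidArgumentException("Invalid order by term: " . $item);
              }
              $quoted[] = $this->quoteIdentifier($m[1]) . (isset($m[2]) ? " " . strtoupper($m[2]) : "");
          }
          return implode(", ", $quoted);
      }

      /**
       * Whitelist a LIMIT clause: an int, "10" or "start,length".
       *
       * @param  mixed $limit
       * @return string
       * @throws InvalidArgumentException
       */
      private function limitClause($limit)
      {
          if (is_int($limit)) {
              return (string) $limit;
          }
          if (!preg_match('/^\s*(\d+)\s*(?:,\s*(\d+)\s*)?$/', (string) $limit, $m)) {
              throw new InvalidArgumentException("Invalid limit: " . $limit);
          }
          return isset($m[2]) ? $m[1] . ", " . $m[2] : $m[1];
      }

      /**
       * Insert one row.
       *
       * @param  array $arr  array('column' => value, ...); column names are
       *                     validated as identifiers, values are bound.
       * @return string|false  lastInsertId() on success, false on failure
       * @throws InvalidArgumentException on an empty array or a bad column name
       */
      public function add($arr)
      {
          if (!is_array($arr) || empty($arr)) {
              throw new InvalidArgumentException("add() needs a non-empty column => value array");
          }
          $columns = [];
          $placeholders = [];
          $bindings = [];
          $i = 0;
          foreach ($arr as $column => $value) {
              $placeholder = ":v" . $i++;
              $columns[] = $this->quoteIdentifier($column);
              $placeholders[] = $placeholder;
              $bindings[$placeholder] = $value;
          }
          $sql = "insert into " . $this->quoteIdentifier($this->tableName)
              . " (" . implode(", ", $columns) . ") values (" . implode(", ", $placeholders) . ")";
          if ($this->runStatement($sql, $bindings) === false) {
              return false;
          }
          return $this->pOb->lastInsertId();
      }

      /**
       * Delete the rows matching all of the given equality conditions.
       *
       * @param  array $arrWhere  array(':column' => value, ...)
       * @return bool
       * @throws InvalidArgumentException when no condition is given (the old
       *         code fell through to "delete from <table>" and emptied it) or
       *         on a bad column name
       */
      public function delete($arrWhere)
      {
          if (!is_array($arrWhere) || empty($arrWhere)) {
              throw new InvalidArgumentException("delete() refuses to run without a where clause");
          }
          list($where, $bindings) = $this->buildWhere($arrWhere);
          $sql = "delete from " . $this->quoteIdentifier($this->tableName) . " where " . $where;
          return $this->runStatement($sql, $bindings) !== false;
      }

      /**
       * Update the rows matching all of the given equality conditions.
       *
       * @param  array $arrSet    array('column' => new value, ...)
       * @param  array $arrWhere  array(':column' => value, ...)
       * @return bool
       * @throws InvalidArgumentException on an empty SET or WHERE array, or a bad column name
       */
      public function update($arrSet, $arrWhere)
      {
          if (!is_array($arrSet) || empty($arrSet)) {
              throw new InvalidArgumentException("update() needs a non-empty column => value array");
          }
          if (!is_array($arrWhere) || empty($arrWhere)) {
              throw new InvalidArgumentException("update() refuses to run without a where clause");
          }
          $assignments = [];
          $bindings = [];
          $i = 0;
          foreach ($arrSet as $column => $value) {
              $placeholder = ":s" . $i++;
              $assignments[] = $this->quoteIdentifier($column) . " = " . $placeholder;
              $bindings[$placeholder] = $value;
          }
          list($where, $whereBindings) = $this->buildWhere($arrWhere);
          $sql = "update " . $this->quoteIdentifier($this->tableName)
              . " set " . implode(", ", $assignments) . " where " . $where;
          return $this->runStatement($sql, $bindings + $whereBindings) !== false;
      }

      /**
       * Run: select <fields> from <table> [where ...] [order by col asc|desc] [limit start,length]
       *
       * @param  string       $field       "*" (default) or a comma-separated column list
       * @param  array|string $ArrayWhere  array(':column' => value, ...) or "" for no filter
       * @param  string       $order       e.g. "id desc"; "" for none
       * @param  string|int   $limit       e.g. "0,10" or 10; "" for none
       * @return array|false  rows as associative arrays, or false on failure
       * @throws InvalidArgumentException when a field, order or limit term is not
       *         in the whitelisted shape (these parts cannot be parameter-bound)
       */
      public function select($field = "*", $ArrayWhere = "", $order = "", $limit = "")
      {
          $sql = "select " . $this->fieldList($field)
              . " from " . $this->quoteIdentifier($this->tableName);
          $bindings = [];
          if (!empty($ArrayWhere)) {
              if (!is_array($ArrayWhere)) {
                  throw new InvalidArgumentException("select() where clause must be an array");
              }
              list($where, $bindings) = $this->buildWhere($ArrayWhere);
              $sql .= " where " . $where;
          }
          if (!empty($order)) {
              $sql .= " order by " . $this->orderList($order);
          }
          if (!empty($limit)) {
              $sql .= " limit " . $this->limitClause($limit);
          }
          $stmt = $this->runStatement($sql, $bindings);
          if ($stmt === false) {
              return false;
          }
          return $stmt->fetchAll(PDO::FETCH_ASSOC);
      }
  }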

