<?php /** * mysql.class.php 数据库实现类 * * @copyright (C) 2005-2010 PHPCMS * @license http://www.phpcms.cn/license/ * @lastmodify 2010-6-1 */ final class Database { /** * 数据库配置信息 */ private $config = null; /** * 数据库连接资源句柄 */ public $link = null; /** * 最近一次查询资源句柄 */ public $lastqueryid = null; /** * 统计数据库查询次数 */ public $querycount = 0; public function __construct() { } /** * 打开数据库连接,有可能不真实连接数据库 * @param $config 数据库连接参数 * * @return void */ public function open($config) { $this->config = $config; if($config['autoconnect'] == 1) { $this->connect(); } } /** * 真正开启数据库连接 * * @return void */ public function connect() { //var_dump($this->config); if(!$this->link = @new mysqli($this->config['hostname'], $this->config['username'],$this->config['password'], $this->config['database'], $this->config['dbport'])){ $this->halt('Can not connect to MySQL server'); return false; } if ($this->link->connect_errno) { $this->halt("Connect failed: %s\n", $this->link->connect_error); exit(); } switch ($this->config['charset']){ case 'utf8': $query_string = " SET CHARACTER_SET_CLIENT = utf8, CHARACTER_SET_CONNECTION = utf8, CHARACTER_SET_DATABASE = utf8, CHARACTER_SET_RESULTS = utf8, CHARACTER_SET_SERVER = utf8, COLLATION_CONNECTION = utf8_general_ci, COLLATION_DATABASE = utf8_general_ci, COLLATION_SERVER = utf8_general_ci, sql_mode=''"; break; case 'GBK': $query_string = " SET CHARACTER_SET_CLIENT = gbk, CHARACTER_SET_CONNECTION = gbk, CHARACTER_SET_DATABASE = gbk, CHARACTER_SET_RESULTS = gbk, CHARACTER_SET_SERVER = gbk, COLLATION_CONNECTION = gbk_chinese_ci, COLLATION_DATABASE = gbk_chinese_ci, COLLATION_SERVER = gbk_chinese_ci, sql_mode=''"; break; default: $error = "Db Error: charset is Invalid"; $this->halt($error); } //进行编码声明 if (!$this->link->query($query_string)){ $this->halt("Db Error: ".mysqli_error($this->link)); } $this->database = $this->config['database']; return $this->link; } /** * 数据库查询执行方法 * @param $sql 要执行的sql语句 * @return 查询资源句柄 */ private function execute($sql) { //echo "<br>".$sql; if(!is_resource($this->link)) { $this->connect(); } $this->lastqueryid = $this->link->query($sql); // $this->halt(mysqli_error($this->link), $sql); $this->querycount++; return $this->lastqueryid; } /** * 执行sql查询 * @param $data 需要查询的字段值[例`name`,`gender`,`birthday`] * @param $table 数据表 * @param $where 查询条件[例`name`='$name'] * @param $limit 返回结果范围[例:10或10,10 默认为空] * @param $order 排序方式 [默认按数据库默认方式排序] * @param $group 分组方式 [默认为空] * @param $key 返回数组按键名排序 * @return array 查询结果集数组 */ public function select($data, $table, $where = '', $limit = '', $order = '', $group ='', $key = '') { $where = $where == '' ? '' : ' WHERE '.$where; $order = $order == '' ? '' : ' ORDER BY '.$order; $group = $group == '' ? '' : ' GROUP BY '.$group; $limit = $limit == '' ? '' : ' LIMIT '.$limit; $field = explode(',', $data); array_walk($field, array($this, 'add_special_char')); $data = implode(',', $field); $sql = 'SELECT '.$data.' FROM `'.$this->config['database'].'`.`'.$table.'`'.$where.$group.$order.$limit; $this->execute($sql); if(!$this->lastqueryid) { return $this->lastqueryid; } $datalist = array(); while(($rs = $this->fetch_next()) != false) { if($key) { $datalist[$rs[$key]] = $rs; } else { $datalist[] = $rs; } } $this->free_result(); return $datalist; } /** * 获取单条记录查询 * @param $data 需要查询的字段值[例`name`,`gender`,`birthday`] * @param $table 数据表 * @param $where 查询条件 * @param $order 排序方式 [默认按数据库默认方式排序] * @param $group 分组方式 [默认为空] * @return array/null 数据查询结果集,如果不存在,则返回空 */ public function get_one($data, $table, $where = '', $order = '', $group = '') { $where = $where == '' ? '' : ' WHERE '.$where; $order = $order == '' ? '' : ' ORDER BY '.$order; $group = $group == '' ? '' : ' GROUP BY '.$group; $limit = ' LIMIT 1'; $field = explode( ',', $data); array_walk($field, array($this, 'add_special_char')); $data = implode(',', $field); $sql = 'SELECT '.$data.' FROM `'.$this->config['database'].'`.`'.$table.'`'.$where.$group.$order.$limit; $this->execute($sql); $res = $this->fetch_next(); $this->free_result(); return $res; } /** * 遍历查询结果集 * @param $type 返回结果集类型 * MYSQLI_ASSOC,MYSQL_NUM 和 MYSQL_BOTH * @return array */ public function fetch_next($type=MYSQLI_ASSOC) { $res = mysqli_fetch_array($this->lastqueryid, $type); if(!$res) { $this->free_result(); } return $res; } /** * 释放查询资源 * @return void */ public function free_result() { if(is_resource($this->lastqueryid)) { mysqli_free_result($this->lastqueryid); $this->lastqueryid = null; } } /** * 直接执行sql查询 * @param $sql 查询sql语句 * @return boolean/query resource 如果为查询语句,返回资源句柄,否则返回true/false */ public function query($sql) { //echo "<Br>".$sql; return $this->execute($sql); } /** * 执行添加记录操作 * @param $data 要增加的数据,参数为数组。数组key为字段值,数组值为数据取值 * @param $table 数据表 * @return boolean */ public function insert($data, $table, $return_insert_id = false, $replace = false) { if(!is_array( $data ) || $table == '' || count($data) == 0) { return false; } $fielddata = array_keys($data); $valuedata = array_values($data); array_walk($fielddata, array($this, 'add_special_char')); array_walk($valuedata, array($this, 'escape_string')); $field = implode (',', $fielddata); $value = implode (',', $valuedata); $cmd = $replace ? 'REPLACE INTO' : 'INSERT INTO'; $sql = $cmd.' `'.$this->config['database'].'`.`'.$table.'`('.$field.') VALUES ('.$value.')'; $return = $this->execute($sql); return $return_insert_id ? $this->insert_id() : $return; } /** * 获取最后一次添加记录的主键号 * @return int */ public function insert_id() { return mysqli_insert_id($this->link); } /** * 执行更新记录操作 * @param $data 要更新的数据内容,参数可以为数组也可以为字符串,建议数组。 * 为数组时数组key为字段值,数组值为数据取值 * 为字符串时[例:`name`='phpcms',`hits`=`hits`+1]。 * 为数组时[例: array('name'=>'phpcms','password'=>'123456')] * 数组可使用array('name'=>'+=1', 'base'=>'-=1');程序会自动解析为`name` = `name` + 1, `base` = `base` - 1 * @param $table 数据表 * @param $where 更新数据时的条件 * @return boolean */ public function update($data, $table, $where = '') { if($table == '' or $where == '') { return false; } $where = ' WHERE '.$where; $field = ''; if(is_string($data) && $data != '') { $field = $data; } elseif (is_array($data) && count($data) > 0) { $fields = array(); foreach($data as $k=>$v) { switch (substr($v, 0, 2)) { case '+=': $v = substr($v,2); if (is_numeric($v)) { $fields[] = $this->add_special_char($k).'='.$this->add_special_char($k).'+'.$this->escape_string($v, '', false); } else { continue; } break; case '-=': $v = substr($v,2); if (is_numeric($v)) { $fields[] = $this->add_special_char($k).'='.$this->add_special_char($k).'-'.$this->escape_string($v, '', false); } else { continue; } break; default: $fields[] = $this->add_special_char($k).'='.$this->escape_string($v); } } $field = implode(',', $fields); } else { return false; } $sql = 'UPDATE `'.$this->config['database'].'`.`'.$table.'` SET '.$field.$where; return $this->execute($sql); } /** * 执行删除记录操作 * @param $table 数据表 * @param $where 删除数据条件,不充许为空。 * 如果要清空表,使用empty方法 * @return boolean */ public function delete($table, $where) { if ($table == '' || $where == '') { return false; } $where = ' WHERE '.$where; $sql = 'DELETE FROM `'.$this->config['database'].'`.`'.$table.'`'.$where; return $this->execute($sql); } /** * 获取最后数据库操作影响到的条数 * @return int */ public function affected_rows() { return mysql_affected_rows($this->link); } /** * 获取数据表主键 * @param $table 数据表 * @return array */ public function get_primary($table) { $this->execute("SHOW COLUMNS FROM $table"); while($r = $this->fetch_next()) { if($r['Key'] == 'PRI') break; } return $r['Field']; } /** * 获取表字段 * @param $table 数据表 * @return array */ public function get_fields($table) { $fields = array(); $this->execute("SHOW COLUMNS FROM $table"); while($r = $this->fetch_next()) { $fields[$r['Field']] = $r['Type']; } return $fields; } /** * 检查不存在的字段 * @param $table 表名 * @return array */ public function check_fields($table, $array) { $fields = $this->get_fields($table); $nofields = array(); foreach($array as $v) { if(!array_key_exists($v, $fields)) { $nofields[] = $v; } } return $nofields; } /** * 检查表是否存在 * @param $table 表名 * @return boolean */ public function table_exists($table) { $tables = $this->list_tables(); return in_array($table, $tables) ? 1 : 0; } public function list_tables() { $tables = array(); $this->execute("SHOW TABLES"); while($r = $this->fetch_next()) { $tables[] = $r['Tables_in_'.$this->config['database']]; } return $tables; } /** * 检查字段是否存在 * @param $table 表名 * @return boolean */ public function field_exists($table, $field) { $fields = $this->get_fields($table); return array_key_exists($field, $fields); } public function num_rows($sql) { $this->lastqueryid = $this->execute($sql); return mysqli_num_rows($this->lastqueryid); } public function num_fields($sql) { $this->lastqueryid = $this->execute($sql); return mysqli_num_fields($this->lastqueryid); } public function result($sql, $row) { $this->lastqueryid = $this->execute($sql); return @mysql_result($this->lastqueryid, $row); } public function error() { return @mysqli_error($this->link); } public function errno() { return intval(@mysqli_errno($this->link)) ; } public function version() { if(!is_resource($this->link)) { $this->connect(); } return mysqli_get_server_info($this->link); } public function close() { if (is_resource($this->link)) { @mysqli_close($this->link); } } public function halt($message = '', $sql = '') { if($this->config['debug']) { $this->errormsg = "<b>MySQL Query : </b> $sql <br /><b> MySQL Error : </b>".$this->error()." <br /> <b>MySQL Errno : </b>".$this->errno()." <br /><b> Message : </b> $message <br /><a href='http://faq.phpcms.cn/?errno=".$this->errno()."&msg=".urlencode($this->error())."' target='_blank' style='color:red'>Need Help?</a>"; $msg = $this->errormsg; echo '<div style="font-size:12px;text-align:left; border:1px solid #9cc9e0; padding:1px 4px;color:#000000;font-family:Arial, Helvetica,sans-serif;"><span>'.$msg.'</span></div>'; exit; } else { return false; } } /** * 对字段两边加反引号,以保证数据库安全 * @param $value 数组值 */ public function add_special_char(&$value) { if('*' == $value || false !== strpos($value, '(') || false !== strpos($value, '.') || false !== strpos ( $value, '`')) { //不处理包含* 或者 使用了sql方法。 } else { $value = '`'.trim($value).'`'; } if (preg_match("/\b(select|insert|update|delete)\b/i", $value)) { $value = preg_replace("/\b(select|insert|update|delete)\b/i", '', $value); } return $value; } /** * 对字段值两边加引号,以保证数据库安全 * @param $value 数组值 * @param $key 数组key * @param $quotation */ public function escape_string(&$value, $key='', $quotation = 1) { if ($quotation) { $q = '\''; } else { $q = ''; } $value = $q.$value.$q; return $value; } } // here's a rough replacement using mysqli: // 错略的使用mysqli替换 if(!function_exists('mysql_result')) { function mysql_result($result, $number, $field=0) { mysqli_data_seek($result, $number); $row = mysqli_fetch_array($result); return $row[$field]; } } ?>

Heiße KI -Werkzeuge

Undresser.AI Undress
KI-gestützte App zum Erstellen realistischer Aktfotos

AI Clothes Remover
Online-KI-Tool zum Entfernen von Kleidung aus Fotos.

Undress AI Tool
Ausziehbilder kostenlos

Clothoff.io
KI-Kleiderentferner

AI Hentai Generator
Erstellen Sie kostenlos Ai Hentai.

Heißer Artikel

Heiße Werkzeuge

Herunterladen der Mac-Version des Atom-Editors
Der beliebteste Open-Source-Editor

ZendStudio 13.5.1 Mac
Leistungsstarke integrierte PHP-Entwicklungsumgebung

DVWA
Damn Vulnerable Web App (DVWA) ist eine PHP/MySQL-Webanwendung, die sehr anfällig ist. Seine Hauptziele bestehen darin, Sicherheitsexperten dabei zu helfen, ihre Fähigkeiten und Tools in einem rechtlichen Umfeld zu testen, Webentwicklern dabei zu helfen, den Prozess der Sicherung von Webanwendungen besser zu verstehen, und Lehrern/Schülern dabei zu helfen, in einer Unterrichtsumgebung Webanwendungen zu lehren/lernen Sicherheit. Das Ziel von DVWA besteht darin, einige der häufigsten Web-Schwachstellen über eine einfache und unkomplizierte Benutzeroberfläche mit unterschiedlichen Schwierigkeitsgraden zu üben. Bitte beachten Sie, dass diese Software

WebStorm-Mac-Version
Nützliche JavaScript-Entwicklungstools

Sicherer Prüfungsbrowser
Safe Exam Browser ist eine sichere Browserumgebung für die sichere Teilnahme an Online-Prüfungen. Diese Software verwandelt jeden Computer in einen sicheren Arbeitsplatz. Es kontrolliert den Zugriff auf alle Dienstprogramme und verhindert, dass Schüler nicht autorisierte Ressourcen nutzen.