Home >php教程 >php手册 >mysql数据库连接程序

mysql数据库连接程序

WBOY
WBOYOriginal
2016-06-13 10:08:13837browse

mysql教程数据库教程连接程序
这里提供的数据库连接类程序,后面还提供了一个sql安全检测函数与sql语句完整性检测函数。*/

class db_mysql {
 var $connid;
 var $querynum = 0;
 var $expires;
 var $cursor = 0;
 var $cache_id = '';
 var $cache_file = '';
 var $cache_expires = '';
 var $halt = 0;
 var $result = array();

 function connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect = 0) {
  global $cfg;
  $this->expires = $cfg['db_expires'];
  $func = $pconnect == 1 ? 'mysql_pconnect' : 'mysql_connect';
  if(!$this->connid = $func($dbhost, $dbuser, $dbpw)) {
   $this->halt('can not connect to mysql server');
  }
  if($this->version() > '4.1' && $cfg['db_charset']) {
   mysql_query("set names '".$cfg['db_charset']."'" , $this->connid);
  }
  if($this->version() > '5.0') {
   mysql_query("set sql_mode=''" , $this->connid);
  }
  if($dbname) {
   if(!mysql_select_db($dbname , $this->connid)) {
    $this->halt('cannot use database '.$dbname);
   }
  }
  return $this->connid;
 }

 function select_db($dbname) {
  return mysql_select_db($dbname , $this->connid);
 }

 function query($sql , $type = '', $expires = 0, $save_id = false) {
        $sql=checksql($sql);
  if($type == 'cache' && stristr($sql, 'select')) {
   $this->cursor = 0;
   $this->cache_id = md5($sql);
   $this->result = array();
   $this->cache_expires = $expires ? $expires + mt_rand(-9, 9) : $this->expires;
   return $this->_query($sql);
  }
  if(!$save_id) $this->cache_id = 0;
  $func = $type == 'unbuffered' ? 'mysql_unbuffered_query' : 'mysql_query';
  if(!($query = $func($sql , $this->connid)) && $this->halt) {
   $this->halt('mysql query error', $sql);
  }
  $this->querynum++;
  return $query;
 }

 function get_one($sql, $type = '', $expires = 0) {
  $query = $this->query($sql, $type, $expires);
  $r = $this->fetch_array($query);
  $this->free_result($query);
  return $r ;
 }
 
 function counter($table, $condition = '', $type = '', $expires = 0) {
  global $cfg;
  $table = strpos($table, $cfg['tb_pre']) === false ? $cfg['tb_pre'].$table : $table;
  $sql = "select count(*) as num from {$table}";
  if($condition) $sql .= " where $condition";
  $r = $this->get_one($sql, $type, $expires);
  return $r ? $r['num'] : 0;
 }

 function fetch_array($query, $result_type = mysql_assoc) {
  return $this->cache_id ? $this->_fetch_array($query) : @mysql_fetch_array($query, $result_type);
 }

 function affected_rows() {
  return mysql_affected_rows($this->connid);
 }

 function num_rows($query) {
  return mysql_num_rows($query);
 }

 function num_fields($query) {
  return mysql_num_fields($query);
 }
 function escape_string($str){
  return mysql_escape_string($str);
 }
 function result($query, $row) {
  return @mysql_result($query, $row);
 }

 function free_result($query) {
  return @mysql_free_result($query);
 }

 function insert_id() {
  return mysql_insert_id($this->connid);
 }

 function fetch_row($query) {
  return mysql_fetch_row($query);
 }

 function version() {
  return mysql_get_server_info($this->connid);
 }

 function close() {
  return mysql_close($this->connid);
 }

 function error() {
  return @mysql_error($this->connid);
 }

 function errno() {
  return intval(@mysql_errno($this->connid)) ;
 }

 function halt($message = '', $sql = '') {
  global $cfg;
  if($message) {
   if($cfg['errlog']) {
    $log = "query:$sql|errno:".$this->errno()."|error:".$this->error()."|errmsg:$message";
    log_write($log, 'sql');
   }
  }
        showmsg("mysqlerror:$message",'-1');
        exit();
 }

 function _query($sql) {
  global $fr_time;
  $this->cache_file = cache_root.'/sql/'.substr($this->cache_id, 0, 2).'/'.$this->cache_id.'.php教程';
  if(!is_file($this->cache_file) || ($fr_time - @filemtime($this->cache_file) > $this->cache_expires)) {
   $tmp = array();
   $result = $this->query($sql, '', '', true);
   while($r = mysql_fetch_array($result, mysql_assoc)) {
    $tmp[] = $r;
   }
   $this->result = $tmp;
   $this->free_result($result);
   file_put($this->cache_file, "cache_expires)."*/ return ".var_export($this->result, true).";n?>");
  } else {
      $this->result = include $this->cache_file;
  }
  return $this->result;
 }

 function _fetch_array($query = array()) {
  if($query) $this->result = $query;
  if(isset($this->result[$this->cursor])) {
   return $this->result[$this->cursor++];
  } else {
   $this->cursor = $this->cache_id = 0;
   return array();
  }
 }
}

function checksql($dbstr,$querytype='select'){
 $clean = '';
 $old_pos = 0;
 $pos = -1;
 //普通语句,直接过滤特殊语法
 if($querytype=='select'){
  $nastr = "/[^0-9a-z@._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@.-]{1,}/i";
  if(preg_match($nastr,$dbstr)){
            log_write($dbstr,'sql');
            showmsg('safeerror:10001', '网页特效:;');
            exit();
  }
 }
 //完整的sql检查
 while (true){
  $pos = strpos($dbstr, ''', $pos + 1);
  if ($pos === false){
   break;
  }
  $clean .= substr($dbstr, $old_pos, $pos - $old_pos);
  while (true){
   $pos1 = strpos($dbstr, ''', $pos + 1);
   $pos2 = strpos($dbstr, '', $pos + 1);
   if ($pos1 === false){
    break;
   }
   elseif ($pos2 == false || $pos2 > $pos1){
    $pos = $pos1;
    break;
   }
   $pos = $pos2 + 1;
  }
  $clean .= '$s$';
  $old_pos = $pos + 1;
 }
 $clean .= substr($dbstr, $old_pos);
 $clean = trim(strtolower(preg_replace(array('~s+~s' ), array(' '), $clean)));
 if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, '#') !== false){
  $fail = true;
 }
 elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'load_file') !== false && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (strpos($clean, 'into outfile') !== false && preg_match('~(^|[^a-z])intos+outfile($|[^[a-z])~s', $clean) != 0){
  $fail = true;
 }
 elseif (preg_match('~([^)]*?select~s', $clean) != 0){
  $fail = true;
 }
 if (!empty($fail)){
        log_write($dbstr,'sql');
        showmsg('safeerror:10002', 'javascript:;');exit;
 }
 else
 {
  return $dbstr;
 }
}

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn