
php防sql注入类(php pdo防止sql注入的类)

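  /**
   * Minimal PDO table gateway (insert / delete / update / select).
   *
   * Only VALUES are parameterized. Table and column names cannot be bound, so
   * every identifier that ends up in SQL text goes through quoteIdentifier(),
   * which accepts plain (optionally schema-qualified) names and nothing else.
   * The select() fragments $field, $order and $limit are interpolated after a
   * character-class check that rejects quotes, comments and statement
   * separators; they are still not parameterized and must come from
   * developer-controlled literals, never from request input.
   *
   * Subclasses set $tableName. DB_HOST, DB_NAME, DB_USERNAME, DB_PASSWORD and
   * DB_CHARSET are expected to be defined before construction.
   */
  class Model
  {
      /** Table this model operates on (set by subclasses). */
      protected $tableName = "";

      /** @var PDO connection opened in the constructor */
      protected $pOb;

      /** Plain identifier, optionally qualified: name or schema.name */
      const IDENT_PATTERN = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?\z/';
      /** select list: identifiers, "*", commas, dots, parentheses, whitespace (e.g. "count(*)", "a.id, b.name") */
      const FIELD_LIST_PATTERN = '/^[A-Za-z0-9_*(),.\s]+\z/';
      /** order by list: identifiers, commas, dots, whitespace (e.g. "id desc, name") */
      const ORDER_PATTERN = '/^[A-Za-z0-9_.,\s]+\z/';
      /** limit clause: "count" or "offset,count" */
      const LIMIT_PATTERN = '/^\d+(\s*,\s*\d+)?\z/';

      /**
       * Opens the PDO connection.
       *
       * The charset is passed in the DSN instead of a later "set names", so the
       * client library knows the connection charset from the start. Emulated
       * prepares are disabled so bound values never travel inside the SQL text.
       *
       * @throws PDOException when the connection cannot be established
       */
      public function __construct()
      {
          $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET;
          $this->pOb = new PDO($dsn, DB_USERNAME, DB_PASSWORD, array(
              PDO::ATTR_EMULATE_PREPARES => false,
          ));
      }

      /**
       * Inserts one row.
       *
       * @param array $arr column => value, e.g. array('name' => 'x', 'age' => 3)
       * @return string|false lastInsertId() on success, false when execute() fails
       * @throws InvalidArgumentException on an empty array or an invalid column name
       */
      function add($arr)
      {
          if (!is_array($arr) || $arr === array()) {
              throw new InvalidArgumentException("add() needs a non-empty column=>value array");
          }
          $columns = array();
          $placeholders = array();
          $params = array();
          $i = 0;
          foreach ($arr as $column => $value) {
              $columns[] = self::quoteIdentifier($column);
              $placeholders[] = ":p" . $i;
              $params[":p" . $i] = $value;
              $i++;
          }
          $sql = "insert into " . $this->table()
              . "(" . implode(",", $columns) . ") values(" . implode(",", $placeholders) . ")";
          $stmt = $this->pOb->prepare($sql);
          if ($stmt === false) {
              return false;
          }
          self::bindAll($stmt, $params);
          if ($stmt->execute()) {
              return $this->pOb->lastInsertId();
          }
          return false;
      }

      /**
       * Deletes the rows matching all of $arrWhere (conditions are ANDed).
       *
       * @param array $arrWhere column => value; a key may carry a leading ':' (e.g. ':id' => 5)
       * @return bool
       * @throws InvalidArgumentException when no condition is given — an unconditional
       *         delete would wipe the whole table, so it is refused rather than run
       */
      public function delete($arrWhere)
      {
          if (!is_array($arrWhere) || $arrWhere === array()) {
              throw new InvalidArgumentException("delete() refuses to run without a where condition");
          }
          list($where, $params) = self::buildWhere($arrWhere);
          $sql = "delete from " . $this->table() . $where;
          $stmt = $this->pOb->prepare($sql);
          if ($stmt === false) {
              return false;
          }
          self::bindAll($stmt, $params);
          return (bool) $stmt->execute();
      }

      /**
       * Updates the columns in $arrSet on the rows matching all of $arrWhere.
       *
       * @param array $arrSet   column => new value
       * @param array $arrWhere column => value; a key may carry a leading ':'
       * @return bool
       * @throws InvalidArgumentException on an empty set or where array, or an invalid column name
       */
      function update($arrSet, $arrWhere)
      {
          if (!is_array($arrSet) || $arrSet === array()) {
              throw new InvalidArgumentException("update() needs a non-empty column=>value array");
          }
          if (!is_array($arrWhere) || $arrWhere === array()) {
              throw new InvalidArgumentException("update() refuses to run without a where condition");
          }
          $assignments = array();
          $params = array();
          $n = 0;
          foreach ($arrSet as $column => $value) {
              $assignments[] = self::quoteIdentifier($column) . "=:p" . $n;
              $params[":p" . $n] = $value;
              $n++;
          }
          // where placeholders are :w0, :w1, ... so they can never collide with :pN above
          list($where, $whereParams) = self::buildWhere($arrWhere);
          $sql = "update " . $this->table() . " set " . implode(",", $assignments) . $where;
          $stmt = $this->pOb->prepare($sql);
          if ($stmt === false) {
              return false;
          }
          self::bindAll($stmt, $params + $whereParams);
          return (bool) $stmt->execute();
      }

      /**
       * Runs: select $field from table [where ...] [order by $order] [limit $limit]
       *
       * @param string       $field      select list; checked against FIELD_LIST_PATTERN, then interpolated verbatim
       * @param array|string $ArrayWhere column => value conditions (ANDed); "" or array() means no where clause
       * @param string       $order      order-by list; checked against ORDER_PATTERN, then interpolated verbatim
       * @param string|int   $limit      "count" or "offset,count"; checked against LIMIT_PATTERN
       * @return array|false list of associative rows, or false when execute() fails
       * @throws InvalidArgumentException when a fragment fails its pattern or a column name is invalid
       */
      function select($field = "*", $ArrayWhere = "", $order = "", $limit = "")
      {
          self::assertFragment($field, self::FIELD_LIST_PATTERN, "field list");

          $where = "";
          $params = array();
          if (!empty($ArrayWhere)) {
              if (!is_array($ArrayWhere)) {
                  throw new InvalidArgumentException("select() where condition must be an array");
              }
              list($where, $params) = self::buildWhere($ArrayWhere);
          }

          $orderSql = "";
          if (!empty($order)) {
              self::assertFragment($order, self::ORDER_PATTERN, "order by clause");
              $orderSql = " order by " . $order;
          }

          $limitSql = "";
          if (!empty($limit)) {
              self::assertFragment((string) $limit, self::LIMIT_PATTERN, "limit clause");
              $limitSql = " limit " . $limit;
          }

          $sql = "select " . $field . " from " . $this->table() . $where . $orderSql . $limitSql;
          $stmt = $this->pOb->prepare($sql);
          if ($stmt === false) {
              return false;
          }
          self::bindAll($stmt, $params);
          if (!$stmt->execute()) {
              return false;
          }
          return $stmt->fetchAll(PDO::FETCH_ASSOC);
      }

      /** Quoted table name; throws if $tableName is unset or not a plain identifier. */
      private function table()
      {
          return self::quoteIdentifier($this->tableName);
      }

      /**
       * Backtick-quotes a table/column name after checking it is a plain identifier.
       * "schema.name" is quoted part by part: `schema`.`name`.
       *
       * @param mixed $name
       * @return string
       * @throws InvalidArgumentException when $name is not a string matching IDENT_PATTERN
       */
      private static function quoteIdentifier($name)
      {
          if (!is_string($name) || preg_match(self::IDENT_PATTERN, $name) !== 1) {
              throw new InvalidArgumentException("Invalid SQL identifier: " . var_export($name, true));
          }
          $parts = explode(".", $name);
          foreach ($parts as &$part) {
              $part = "`" . $part . "`";
          }
          unset($part);
          return implode(".", $parts);
      }

      /**
       * Rejects a free-text SQL fragment unless it matches $pattern.
       *
       * @param mixed  $fragment
       * @param string $pattern  one of the *_PATTERN constants
       * @param string $what     used in the exception message
       * @throws InvalidArgumentException
       */
      private static function assertFragment($fragment, $pattern, $what)
      {
          if (!is_string($fragment) || preg_match($pattern, $fragment) !== 1) {
              throw new InvalidArgumentException("Unsafe or malformed " . $what . ": " . var_export($fragment, true));
          }
      }

      /**
       * Builds " where `a`=:w0 and `b`=:w1" plus its placeholder => value map.
       * A leading ':' on a key is ignored so both 'id' and ':id' name column id.
       *
       * @param array $arrWhere column => value
       * @return array [string $whereSql, array $params]
       * @throws InvalidArgumentException on an invalid column name
       */
      private static function buildWhere(array $arrWhere)
      {
          $parts = array();
          $params = array();
          $i = 0;
          foreach ($arrWhere as $key => $value) {
              $column = ltrim((string) $key, ':');
              $placeholder = ":w" . $i;
              $parts[] = self::quoteIdentifier($column) . "=" . $placeholder;
              $params[$placeholder] = $value;
              $i++;
          }
          return array(" where " . implode(" and ", $parts), $params);
      }

      /**
       * PDO::PARAM_* constant for a PHP value. PDO has no float type, so floats
       * are sent as strings (the original code bound them as PARAM_INT, which
       * truncates).
       *
       * @param mixed $value
       * @return int
       */
      private static function pdoType($value)
      {
          if (is_int($value)) {
              return PDO::PARAM_INT;
          }
          if (is_bool($value)) {
              return PDO::PARAM_BOOL;
          }
          if ($value === null) {
              return PDO::PARAM_NULL;
          }
          return PDO::PARAM_STR;
      }

      /**
       * Binds every placeholder => value pair by value (no variable-variables,
       * no reference lifetime to worry about).
       *
       * @param PDOStatement $stmt
       * @param array        $params placeholder => value
       */
      private static function bindAll(PDOStatement $stmt, array $params)
      {
          foreach ($params as $placeholder => $value) {
              $stmt->bindValue($placeholder, $value, self::pdoType($value));
          }
      }
  }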
