php防sql注入資料model類

class Model{ 
protected $tableName="";//表名稱
protected $pOb;//pdo類別物件
function __construct(){ 
$pdo=new PDO("mysql:host=".DB_HOST." ;dbname=".DB_NAME,DB_USERNAME,DB_PASSWORD); 
$pdo->exec("設定名稱".DB_CHARSET); 
$this->pOb=$pdo; 
} 
/* ：array $arr exp:array('欄位名稱'=>值,'欄位名稱'=>值,....) 
* return:int|false 
*/ 
function add($arr){
//拼sql語句
$kArr=array_keys($arr); 
$kStr=join(",",$kArr); 
$vArr=array_values($arr); 
for
$pStrStr = ''; as $s=>$y){ 
$vname = "p".$s; 
$pStr.=':'.$vname.','; 
} 
$pStr = substr($pStr,0,-$pStr,0,-$pStr,0,-$pStr,0,-$pStr,0,- 1); 

$sql = "插入到{$this->tableName}($kStr) 值($pStr)"; 

print_r($sql); 
$pdoS = $this->pOb ->prepare( $sql); 
foreach ($vArr as $k=>$y){ 
$vname = "p".$k; 
$$vname = $y; 
var_dump($vname,$$vname);$ 
$ 
$ pdoS -> bindParam(":".$vname, $$vname,PDO::PARAM_STR); 

} 
$re = $pdoS ->execute(); 
if($re){//新增成功
/ /回傳主鍵id值
return $this->pOb->lastInsertId(); 
} 
//回傳值
return $re;
} 
公用函數){ 
$strW = " where "; 
foreach($arr其中$kW=>$vW){ 
$kn = str_replace(":", "", $kW); 
if(count($arrWhere)= =1){ 
$strW .= $kn."=".$kW; 
}其他{ 
$strW .= $kn."=".$kW." 和"; 
}
} 
if(count ($arrWhere)>1){ 
$strW .= " 1=1 "; 
}
} 
$sql = "從{$this->tableName} 刪除".$strW; 
_r($sql);
$pdoS = $this->pOb->prepare($sql); 
foreach ($arr其中$kW=>$vW){ 
$kn = str_replace(":", "", $kW); 
$kn = str_replace(":", "", $kW); 
$ $kn = $vW; 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){ 
}else if(is_float($vW)){ pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}其他{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 
}
} 
} 
$pdoS->execute(); 
if($re){ 
    回傳true； 
}else { 
回傳false; 
} 
$str = ""; 
$n=0； 
foreach ($arrSet as $kS=>$vS){ 

$str .= ",".$kS."=:p".$n++ 
}
$str = substr($str, 1);
foreach($arr其中$kW=>$vW){ 
$kn=str_replace(":","",$kW);
if(count($arrWhere )==1){ 
$strW .= $kn."=".$kW; 
}其他{ 
$strW .= $kn."=".$kW." 及"; 
}
}
if (count($arrWhere)>1){ 
$strW .= " 1=1 "; 
}

$sql="update {$this->tableName} 設定{$str} where ".$strW; 
/ /print_r($sql); 

$pdoS=$this->pOb->prepare($sql); 
$x = 0; 
foreach($arrSet as $kS=>$vS){ 

foreach($arrSet as $kS=>$vS){ 

":p".$x++; 
$$kS = $vS; 

if(is_int($vS)){ 
$pdoS->bindParam($kS,$$kS,PDO::PA$$RAM_INT); 
}else
}else if(is_float($vS)){ 
$pdoS->bindParam($kS,$$kS,PDO::PARAM_INT); 
}其他{ 
$pdoS->bindParam($k::k PARAM_STR); 
} 
} 


foreach($arr其中$kW=>$vW){ 
$kn=str_replace(":","",$kW); 
$kn=str_replace(":","",$kW); 
$kn=str_replace(":","",$kW); 
$$n $p0  $p1 $p2 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){$ pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}其他{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 
} 
} $pdoS->execute(); 
if($re){ 
    回傳true； 

}否則{ 
回傳false； 
} 
}$ ="",$order="",$limit=""){ 
if(!empty($ArrayWhere)){
$strW = " 其中"; 
foreach($ArrayWhere as $kW=>$vW){
$kn=str_replace(":","",$kW);
if(count($ArrayWhere)==1){ 
$strW .= $kn."=".$kW; 

}其他{
$strW .= $kn."=".$kW." 和"; 
}
}
if(count($ArrayWhere)>1){ 
$strW .= " 1=1 "; 
}
$strW .= " 1=1 "; 
}
}
if(!empty($order)){ 
$order="order ".$order; 
} 
if(!empty($limit)){ 
$limit="limit ".$limit; 
}
$limit="limit ".$limit; 
}
} 🜎 //select 欄位清單from 表格名稱where 條件order by 欄位desc|asc limit start,length; 
$sql="從{$this->tableName} {$strW} {$order} {$limit} 中選擇{$ field}"; 
//print_r($sql); 
$pdoS=$this->pOb->prepare($sql); 
if(!empty($ArrayWhere)){
foreach($ArrayWhere as $kW=>$vW){
$kn=str_replace(":","",$kW); 
$$kn=$vW; 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}其他{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 
} 
} 
} 
$re=$pdoS->execute(); 
if($re){ 
$pdoS->setFetchMode(PDO::FETCH_ASSOC); 
return $pdoS->fetchAll(); 
}否則{ 
回傳 false; 
} 

} 


}