一款实用的php mysql数据库连接类

unction cg_stripslashes($array) {if (is_array($array)) {foreach
($array as $k = $v) {$array[$k] = cg_stripslashes($v);}} else if
(is_string($array)) {$array = stripslashes($array);}return $array;}

 本款数据库连接类,他会自动加载sql防注入功能,过滤一些敏感的sql查询关键词,同时还可以增加判断字段
show table status的性质与show table类 获取数据库所有表名等。*/
@ini_set(‘mysql.trace_mode’,’off’);
class mysql
{
 public $dblink;
 public $pconnect;
 private $search = array(‘/union(s*(/*.**/)?s*)+select/i’,
‘/load_file(s*(/*.**/)?s*)+(/i’,
‘/into(s*(/*.**/)?s*)+outfile/i’);
 private $replace = array(‘union   select’, ‘load_file   (‘,
‘into   outfile’);
 private $rs;

// 添加转义function cg_addslashes($string) {if(is_array($string))
{foreach($string as $key = $val) {$string[$key] =
cg_daddslashes($val);}} else {$string = addslashes($string);}return
$string;}?

 function
__construct($hostname,$username,$userpwd,$database,$pconnect=false,$charset=’utf8′)
 {
  define(‘allowed_htmltags’,
‘<html><embed><title><meta><body><a><p><br><hr><h1><h2><h3><h4><h5><h6><font><u><i><b><strong><div><span><ol><ul><li><img><table><tr><td><map>’);
  $this->pconnect=$pconnect;
  $this->dblink=$pconnect?mysql_pconnect($hostname,$username,$userpwd):mysql_connect($hostname,$username,$userpwd);
  (!$this->dblink||!is_resource($this->dblink)) &&
fatal_error(“connect to the database unsuccessfully!”);
  @mysql_unbuffered_query(“set names {$charset}”);
  if($this->version()>’5.0.1′)
  {
   @mysql_unbuffered_query(“set sql_mode = ””);
  }
  @mysql_select_db($database) or fatal_error(“can not select
table!”);
澳门新葡亰娱乐官网,  return $this->dblink;
 }

 function query($sql,$unbuffered=false)
 {
  //echo $sql.'<br>’;
  $this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink);
  //(!$this->rs||!is_resource($this->rs)) &&
fatal_error(“execute the query unsuccessfully!
error:”.mysql_error());
  if(!$this->rs)fatal_error(‘在执行sql语句 ‘.$sql.’
时发生以下错误:’.mysql_error());
  return $this->rs;
 }

 function fetch_one($sql)
 {
  $this->rs=$this->query($sql);
  return
dircms_strips教程lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc)));
 }

 function get_maxfield($filed=’id’,$table) //
获取$table表中$filed字段的最大值
 {
  $r=$this->fetch_one(“select {$table}.{$filed} from `{$table}`
order by `{$table}`.`{$filed}` desc limit 0,1”);
  return $r[$filed];
 }

 function fetch_all($sql)
 {
  $this->rs=$this->query($sql);
  $result=array();
  while($rows=mysql_fetch_array($this->rs,mysql_assoc))
  {
   $result[]=$rows;
  }
  
  mysql_free_result($this->rs);
  return dircms_stripslashes($this->filter_pass($result));
 }

 function fetch_all_withkey($sql,$key=’id’)
 {
  $this->rs=$this->query($sql);
  $result=array();
  while($rows=mysql_fetch_array($this->rs,mysql_assoc))
  {
   $result[$rows[$key]]=$rows;
  }
  
  mysql_free_result($this->rs);
  return dircms_stripslashes($this->filter_pass($result));
 }

 function last_insert_id()
 {
  if(($insertid=mysql_insert_id($this->dblink))>0)return
$insertid;
  else //如果 auto_increment 的列的类型是 bigint,则
mysql_insert_id() 返回的值将不正确.
  {
   $result=$this->fetch_one(‘select last_insert_id() as
insertid’);
   return $result[‘insertid’];
  }
 }

 function insert($tbname,$varray,$replace=false)
 {
  $varray=$this->escape($varray);
  $tb_fields=$this->get_fields($tbname); // mb.111cn.net
升级一下,增加判断字段是否存在
  
  foreach($varray as $key => $value)
  {
   if(in_array($key,$tb_fields))
   {
    $fileds[]=’`’.$key.’`’;
    $values[]=is_string($value)?”’.$value.”’:$value;
   }
  }

  if($fileds)
  {
   $fileds=implode(‘,’,$fileds);
   $fileds=str_replace(”’,’`’,$fileds);
   $values=implode(‘,’,$values);
   $sql=$replace?”replace into {$tbname}({$fileds}) values
({$values})”:”insert into {$tbname}({$fileds}) values ({$values})”;
   $this->query($sql,true);
   return $this->last_insert_id();
  }
  else return false;
 }

 function update($tbname, $array, $where = ”)
 {
  $array=$this->escape($array);
  if($where)
  {
   $tb_fields=$this->get_fields($tbname); //
www.111cn.net,增加判断字段是否存在
   
   $sql = ”;
   foreach($array as $k=>$v)
   {
    if(in_array($k,$tb_fields))
    {
     $k=str_replace(”’,”,$k);
     $sql .= “, `$k`=’$v'”;
    }
   }
   $sql = substr($sql, 1);
   
   if($sql)$sql = “update `$tbname` set $sql where $where”;
   else return true;
  }
  else
  {
   $sql = “replace into `$tbname`(`”.implode(‘`,`’,
array_keys($array)).”`) values(‘”.implode(“‘,'”, $array).”‘)”;
  }
  return $this->query($sql,true);
 }
 
 function mysql_delete($tbname,$idarray,$filedname=’id’)
 {
  $idwhere=is_array($idarray)?implode(‘,’,$idarray):intval($idarray);
  $where=is_array($idarray)?”{$tbname}.{$filedname} in ({$idwhere})”:”
{$tbname}.{$filedname}={$idwhere}”;

  return $this->query(“delete from {$tbname} where {$where}”,true);
 }

 function get_fields($table)
 {
  $fields=array();
  $result=$this->fetch_all(“show columns from `{$table}`”);
  foreach($result as $val)
  {
   $fields[]=$val[‘field’];
  }
  return $fields;
 }

 function get_table_status($database)
 {
  $status=array();
  $r=$this->fetch_all(“show table status from `”.$database.”`”);
/////// show table status的性质与show
table类似,不过,可以提供每个表的大量信息。
  foreach($r as $v)
  {
   $status[]=$v;
  }
  return $status;
 }

 function get_one_table_status($table)
 {
  return $this->fetch_one(“show table status like ‘$table'”);
 }

 function create_fields($tbname,$fieldname,$size=0,$type=’varchar’) //
2010-5-14 修正一下
 {  
  if($size)
  {
   $size=strtoupper($type)==’varchar’?$size:8;
   $this->query(“alter table `{$tbname}` add `$fieldname`
{$type}( {$size} )  not null”,true);
  }
  else $this->query(“alter table `{$tbname}` add `$fieldname`
mediumtext  not null”,true);
  return true;
 }

 function get_tables() //获取所有表表名
 {
  $tables=array();
  $r=$this->fetch_all(“show tables”);
  foreach($r as $v)
  {
   foreach($v as $v_)
   {
    $tables[]=$v_;
   }
  }
  return $tables;
 }

 function create_model_table($tbname)
//创建一个内容模型表(start:初始只有字段contentid
int(20),用于内容表,/////////////////////// update:2010-5-20    
默认加入`content` mediumtext not null,字段)
 {
  if(in_array($tbname,$this->get_tables())) return false; 
///////////////////// 当表名已经存在时,返回 false
  if($this->query(“create table `{$tbname}` (
`contentid` mediumint(8) not null ,
`content` mediumtext not null,
key ( `contentid` )
) engine = myisam default charset=utf8″,true))return true;  
////////////////////  成功则返回 true
  return false; //////////////失败返回 false
 }

 function create_table($tbname)
//创建一个会员模型空表(初始只有字段userid
int(20),用于会员表,2010-4-26)
 {
  if(in_array($tbname,$this->get_tables())) return false;
  if($this->query(“create table `{$tbname}` (
`userid` mediumint(8) not null ,
key ( `userid` )
) engine = myisam default charset=utf8″,true))return true;
  return false;
 }

 function escape($str) // 过滤危险字符
 {
  if(!is_array($str)) return str_replace(array(‘n’, ‘r’),
array(chr(10),
chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace,
$str), $this->dblink));
  foreach($str as $key=>$val) $str[$key] =
$this->escape($val);
  return $str;
 }

 function filter_pass($string, $allowedtags = ”, $disabledattributes =
array(‘onabort’, ‘onactivate’, ‘onafterprint’, ‘onafterupdate’,
‘onbeforeactivate’, ‘onbeforecopy’, ‘onbeforecut’, ‘onbeforedeactivate’,
‘onbeforeeditfocus’, ‘onbeforepaste’, ‘onbeforeprint’, ‘onbeforeunload’,
‘onbeforeupdate’, ‘onblur’, ‘onbounce’, ‘oncellchange’, ‘onchange’,
‘onclick’, ‘oncontextmenu’, ‘oncontrolselect’, ‘oncopy’, ‘oncut’,
‘ondataavaible’, ‘ondatasetchanged’, ‘ondatasetcomplete’, ‘ondblclick’,
‘ondeactivate’, ‘ondrag’, ‘ondragdrop’, ‘ondragend’, ‘ondragenter’,
‘ondragleave’, ‘ondragover’, ‘ondragstart’, ‘ondrop’, ‘onerror’,
‘onerrorupdate’, ‘onfilterupdate’, ‘onfinish’, ‘onfocus’, ‘onfocusin’,
‘onfocusout’, ‘onhelp’, ‘onkeydown’, ‘onkeypress’, ‘onkeyup’,
‘onlayoutcomplete’, ‘onload’, ‘onlosecapture’, ‘onmousedown’,
‘onmouseenter’, ‘onmouseleave’, ‘onmousemove’, ‘onmoveout’,
‘onmouseo教程ver’, ‘onmouseup’,
‘onmousewheel’, ‘onmove’, ‘onmoveend’, ‘onmovestart’, ‘onpaste’,
‘onpropertychange’, ‘onreadystatechange’, ‘onreset’, ‘onresize’,
‘onresizeend’, ‘onresizestart’, ‘onrowexit’, ‘onrowsdelete’,
‘onrowsinserted’, ‘onscroll’, ‘onselect’, ‘onselectionchange’,
‘onselectstart’, ‘onstart’, ‘onstop’, ‘onsubmit’, ‘onunload’))
 {
  if(is_array($string))
  {
   foreach($string as $key => $val) $string[$key] =
$this->filter_pass($val, allowed_htmltags);
  }
  else
  {
   $string = preg_replace(‘/s(‘.implode(‘|’,
$disabledattributes).’).*?([s>])/’, ‘ ‘,
preg_replace(‘/<(.*?)>/ie’,
“‘<‘.preg_replace(array(‘/网页特效:[^”‘]*/i’,
‘/(“.implode(‘|’, $disabledattributes).”)[ ]*=[
]*[“‘][^”‘]*[“‘]/i’, ‘/s+/’), array(”, ”, ‘ ‘),
stripslashes(‘ ‘)) . ‘>'”, strip_tags($string, $allowedtags)));
  }
  return $string;
 }

 function drop_table($tbname)
 {
  return $this->query(“drop table if exists `{$tbname}`”,true);
 }

 function version()
 {
  return mysql_get_server_info($this->dblink);
 }
}

You can leave a response, or trackback from your own site.

Leave a Reply

网站地图xml地图