| Ultrawind | 2007-3-8 04:09 PM |
|
发个基于pdo的数据库操作类
有什么不足之处大家多提提意见,呵呵,特别是对于性能和安全方面^_^其中防止跨站攻击功能还没做,没有好的方法
使用实例:
$data = $this->find($this->table,$this->condition,$this->select_fields,$this->order_by,$this->limit,$offset);
$data = $this->findBySql($this->sql);
$insert_row = $this->insertData('TB_TEST',array('test_name' => "o'k",'test_time' => date("Y-m-d H:i:s")));
$update_row = $this->updateData('TB_TEST',array('test_name' => 'update','test_time' => date("Y-m-d H:i:s")),array('test_id' => 30));
$delete_row = $this->deleteData('TB_TEST',array('test_id' => $_GET['test_id']));
db.php:
<?php
require_once(LIB_DIR.'class/safer'.PHP_EXT);
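class Db extends Safer
{
    /**
     * PDO handle shared by every query method, created on first use.
     *
     * NOTE(review): the original read $this->db but never assigned it
     * (connDb() only returned the handle); conn() now fills it lazily.
     *
     * @var PDO|null
     */
    protected $db = null;

    /**
     * Build a PDO connection from the db_config file.
     *
     * Reads $db['type'|'host'|'database'|'user'|'password'|'persistent']
     * from LIB_DIR.CONFIG_DIR.'db_config'.PHP_EXT. The handle raises
     * PDOException on driver errors and uses native (non-emulated) prepares,
     * so bound values are never spliced into the SQL text.
     *
     * @return PDO
     */
    public function connDb() {
        include(LIB_DIR.CONFIG_DIR.'db_config'.PHP_EXT);
        $dsn = $db['type'].':host='.$db['host'].';dbname='.$db['database'];
        try {
            return new PDO($dsn, $db['user'], $db['password'], array(
                PDO::ATTR_PERSISTENT       => $db['persistent'],
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            ));
        } catch (PDOException $e) {
            // The driver message can include the host and user name, so it
            // goes to the server log; the client only sees a generic line.
            error_log('Db::connDb: '.$e->getMessage());
            print "Error: database connection failed<br/>";
            die();
        }
    }

    /**
     * Insert one row.
     *
     * Every value is sent as a bound parameter, so quoting/escaping by the
     * caller is no longer required (and would now be stored literally).
     * Values of 0, '0' and '' are inserted; only null is left out so the
     * column default applies. The original skipped every empty() value and
     * could leave a trailing comma when the last one was empty.
     *
     * @param string $table   table name (trusted identifier)
     * @param array  $data    column => value
     * @return int number of affected rows (0 when $data has no usable value)
     * @throws InvalidArgumentException on a malformed table or column name
     * @throws PDOException on a driver error
     */
    public function insertData($table, $data) {
        $this->checkIdentifier($table);
        $columns = array();
        $params  = array();
        foreach ($data as $column => $value) {
            if ($value === null) {
                continue;
            }
            $this->checkIdentifier($column);
            $columns[] = $column;
            $params[]  = $value;
        }
        if (!$columns) {
            return 0;
        }
        $placeholders = implode(',', array_fill(0, count($columns), '?'));
        $sql = 'insert into '.$table.' ('.implode(',', $columns).') values ('.$placeholders.')';
        return $this->execute($sql, $params);
    }

    /**
     * Update rows matching $condition.
     *
     * Data values and array-condition values are bound parameters. With an
     * empty $condition the statement is "... where 1" and updates every row,
     * exactly as before; callers should pass a condition deliberately.
     * The debugging "echo $sql" of the original is removed: it leaked the
     * statement into the HTTP response.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array        $data      column => value (null values are skipped)
     * @param array|string $condition column => value pairs, or a trusted raw SQL fragment
     * @return int number of affected rows (0 when $data has no usable value)
     * @throws InvalidArgumentException on a malformed identifier
     * @throws PDOException on a driver error
     */
    public function updateData($table, $data, $condition) {
        $this->checkIdentifier($table);
        $assignments = array();
        $params      = array();
        foreach ($data as $column => $value) {
            if ($value === null) {
                continue;
            }
            $this->checkIdentifier($column);
            $assignments[] = $column.'=?';
            $params[]      = $value;
        }
        if (!$assignments) {
            return 0;
        }
        list($where, $whereParams) = $this->buildWhere($condition);
        $sql = 'update '.$table.' set '.implode(',', $assignments).$where;
        return $this->execute($sql, array_merge($params, $whereParams));
    }

    /**
     * Run a SELECT and return all rows as associative arrays.
     *
     * $sql may contain "?" placeholders whose values are passed in $params
     * (new, optional, backward-compatible argument). Each row is passed
     * through Safer::unQuotes(), i.e. values are HTML-escaped, as before.
     *
     * @param string $sql    SQL text; must itself come from trusted code
     * @param array  $params positional values for the placeholders
     * @return array list of rows (column => escaped value)
     * @throws PDOException on a driver error
     */
    public function findBySql($sql, $params = array()) {
        $stmt = $this->prepareStatement($sql, (array) $params);
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        foreach ($rows as $index => $row) {
            $rows[$index] = $this->unQuotes($row);
        }
        return $rows;
    }

    /**
     * Build and run a SELECT.
     *
     * Only the array form of $condition and the limit/offset are bound; the
     * string forms of $table, $fields, $order_by and $condition are SQL
     * fragments interpolated verbatim and must be literals from code, never
     * request data.
     *
     * @param string|array $table     from-clause string, or alias => table name
     * @param string|array $condition column => value (bound), or trusted raw fragment
     * @param string|array $fields    column list string, or alias => column; '' means '*'
     * @param string|array $order_by  order-by string, or alias => column
     * @param int|string   $limit     row count; falsy means no LIMIT clause
     * @param int|string   $offset    first row, used only with $limit
     * @return array list of rows as returned by findBySql()
     */
    public function find($table, $condition = '', $fields = '*', $order_by = '', $limit = '', $offset = 0) {
        if (!$fields) {
            $fields = '*'; // the original produced "select  from ..." here
        }
        $sql = 'select ';
        if (is_array($fields)) {
            $parts = array();
            foreach ($fields as $alias => $column) {
                $parts[] = $alias.'.'.$column;
            }
            $sql .= implode(',', $parts);
        } else {
            $sql .= $fields;
        }
        $sql .= ' from ';
        if (is_array($table)) {
            $parts = array();
            foreach ($table as $alias => $name) {
                $parts[] = $name.' '.$alias;
            }
            $sql .= implode(',', $parts);
        } else {
            $sql .= $table;
        }
        list($where, $params) = $this->buildWhere($condition);
        $sql .= $where;
        if ($order_by) {
            if (is_array($order_by)) {
                $parts = array();
                foreach ($order_by as $alias => $column) {
                    $parts[] = $alias.'.'.$column;
                }
                $sql .= ' order by '.implode(',', $parts);
            } else {
                $sql .= ' order by '.$order_by;
            }
        }
        if ($limit) {
            // LIMIT operands cannot be quoted, so they are forced to int and
            // bound as integers instead of being concatenated as strings.
            $sql     .= ' limit ?,?';
            $params[] = (int) $offset;
            $params[] = (int) $limit;
        }
        return $this->findBySql($sql, $params);
    }

    /**
     * Count the rows matching $condition.
     *
     * The original overwrote its own arguments ($condition='', $fields='*')
     * in the call, so it always counted the whole table; the caller's values
     * are now passed through.
     *
     * @param string|array $table
     * @param string|array $condition
     * @param string|array $fields
     * @return int
     */
    public function getTotalRow($table, $condition = '', $fields = '*') {
        return count($this->find($table, $condition, $fields));
    }

    /**
     * Count the rows returned by a raw SELECT (fetches them all).
     *
     * @param string $sql trusted SQL text
     * @return int
     */
    public function getTotalRowBySql($sql) {
        return count($this->findBySql($sql));
    }

    /**
     * Delete rows matching $condition.
     *
     * An empty $condition deletes every row ("... where 1"), as before.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array|string $condition column => value (bound), or trusted raw fragment
     * @return int number of affected rows
     * @throws InvalidArgumentException on a malformed identifier
     * @throws PDOException on a driver error
     */
    public function deleteData($table, $condition = '') {
        $this->checkIdentifier($table);
        list($where, $params) = $this->buildWhere($condition);
        return $this->execute('delete from '.$table.$where, $params);
    }

    /**
     * Return the column names of $table.
     *
     * NOTE(review): not implemented on the page; still a no-op returning null.
     *
     * @param string $table
     * @param string $fields
     * @return null
     */
    public function getFields($table, $fields = '*') {
    }

    /**
     * Return the shared PDO handle, opening it on first use.
     *
     * @return PDO
     */
    protected function conn() {
        if (!isset($this->db)) {
            $this->db = $this->connDb();
        }
        return $this->db;
    }

    /**
     * Prepare $sql and bind $params positionally.
     *
     * @param string $sql
     * @param array  $params
     * @return PDOStatement
     * @throws PDOException when prepare() fails on a handle not in ERRMODE_EXCEPTION
     */
    protected function prepareStatement($sql, array $params) {
        $pdo  = $this->conn();
        $stmt = $pdo->prepare($sql);
        if ($stmt === false) {
            $info = $pdo->errorInfo();
            throw new PDOException('Db: prepare failed: '.$info[2]);
        }
        $this->bindValues($stmt, $params);
        return $stmt;
    }

    /**
     * Execute a data-modifying statement and return the affected-row count.
     *
     * @param string $sql
     * @param array  $params
     * @return int
     */
    protected function execute($sql, array $params = array()) {
        $stmt = $this->prepareStatement($sql, $params);
        $stmt->execute();
        return $stmt->rowCount();
    }

    /**
     * Bind $params to 1-based "?" placeholders with a matching PDO type.
     *
     * Ints are bound as PDO::PARAM_INT so that LIMIT operands stay unquoted
     * even on a handle with emulated prepares.
     *
     * @param PDOStatement $stmt
     * @param array        $params
     * @return void
     */
    protected function bindValues(PDOStatement $stmt, array $params) {
        foreach (array_values($params) as $i => $value) {
            if ($value === null) {
                $type = PDO::PARAM_NULL;
            } elseif (is_bool($value)) {
                $type = PDO::PARAM_BOOL;
            } elseif (is_int($value)) {
                $type = PDO::PARAM_INT;
            } else {
                $type = PDO::PARAM_STR;
            }
            $stmt->bindValue($i + 1, $value, $type);
        }
    }

    /**
     * Turn $condition into a " where 1 and ..." clause plus its bound values.
     *
     * Array form: column => value, each value becomes a "?" placeholder and
     * each column name is checked as an identifier. String form: appended
     * verbatim (the original behaviour), so it must be a trusted literal.
     *
     * @param array|string $condition
     * @return array [string $sql, array $params]
     * @throws InvalidArgumentException on a malformed column name
     */
    protected function buildWhere($condition) {
        $sql    = ' where 1';
        $params = array();
        if (!$condition) {
            return array($sql, $params);
        }
        if (!is_array($condition)) {
            return array($sql.' and '.$condition, $params);
        }
        foreach ($condition as $column => $value) {
            $this->checkIdentifier($column);
            $sql     .= ' and '.$column.'=?';
            $params[] = $value;
        }
        return array($sql, $params);
    }

    /**
     * Reject anything that is not a plain (optionally alias-qualified) SQL name.
     *
     * Identifiers cannot be bound as parameters, so this is the only guard
     * against a table/column name assembled from request data.
     *
     * @param string $name
     * @return void
     * @throws InvalidArgumentException
     */
    protected function checkIdentifier($name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', (string) $name)) {
            throw new InvalidArgumentException('Db: invalid SQL identifier "'.$name.'"');
        }
    }
}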
safer.php:
<?php
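class Safer
{
    /**
     * Escape input for use inside a quoted SQL literal (legacy helper).
     *
     * addslashes() is applied to every leaf of $content (strings and nested
     * arrays; the original handled one level only). On PHP < 5.4 with
     * magic_quotes_gpc enabled the values already arrive escaped and are
     * returned untouched. Callers that bind parameters through PDO must not
     * call this, or the backslashes end up in the database; addslashes is
     * also not charset-aware and is no substitute for binding.
     *
     * @param mixed $content scalar or (nested) array
     * @return mixed escaped copy with the same shape
     */
    public function quotes($content) {
        // get_magic_quotes_gpc() always returned false from 5.4 on and was
        // removed in 8.0, so only consult it on interpreters that still have it.
        if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
            return $content;
        }
        return $this->mapLeaves($content, function ($value) {
            return addslashes($value);
        });
    }

    /**
     * Escape $_GET and $_POST in place with quotes().
     *
     * $_SESSION and $_COOKIE were deliberately left out by the author.
     *
     * @return void
     */
    public function quotesAll() {
        if (isset($_GET)) {
            $_GET = $this->quotes($_GET);
        }
        if (isset($_POST)) {
            $_POST = $this->quotes($_POST);
        }
    }

    /**
     * Escape output for an HTML context: htmlentities(ENT_QUOTES, UTF-8) on
     * every leaf of $content, keys preserved.
     *
     * This is HTML-context escaping only; values placed into JavaScript,
     * URLs or attributes need their own encoding.
     *
     * @param mixed $content scalar or (nested) array
     * @return mixed escaped copy with the same shape
     */
    public function unQuotes($content) {
        return $this->mapLeaves($content, function ($value) {
            return htmlentities($value, ENT_QUOTES, 'UTF-8');
        });
    }

    /**
     * Normalise a page number: positive int, otherwise 1.
     *
     * @param mixed $page
     * @return int
     */
    public function quotesPage($page) {
        $number = (int) $page;
        return $number > 0 ? $number : 1;
    }

    /**
     * Placeholder for the cross-site request check.
     *
     * NOTE(review): not implemented on the page; currently performs no check
     * and returns null. The usual mitigation is a per-session token embedded
     * in forms and compared on POST with hash_equals(), optionally combined
     * with an Origin/Referer check.
     *
     * @return null
     */
    public function isOtherPost() {
    }

    /**
     * Apply $fn to every leaf of $content, recursing into arrays and keeping
     * keys. Scalars are cast to string first, matching what addslashes() and
     * htmlentities() did with them in the original.
     *
     * @param mixed    $content
     * @param callable $fn
     * @return mixed
     */
    protected function mapLeaves($content, $fn) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = $this->mapLeaves($value, $fn);
            }
            return $content;
        }
        return $fn((string) $content);
    }
}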
?>
[[i] 本帖最后由 Ultrawind 于 2007-3-9 12:10 AM 编辑 [/i]] |
| Ultrawind | 2007-3-13 03:34 AM |
|
| 怎么没个朋友说说话啊。。。给点意见啊 l o l |
| Ultrawind | 2007-3-19 07:41 AM |
|
| 终于有人给点意见了,呵呵,谢谢 |
| yeqiufeng | 2007-3-23 01:51 AM |
|
| 看了看了。学习。 |