php防sql注入数据model类_PHP_编程开发_程序员俱乐部

中国优秀的程序员网站程序员频道CXYCLUB技术地图
热搜:
更多>>
 
您所在的位置: 程序员俱乐部 > 编程开发 > PHP > php防sql注入数据model类

php防sql注入数据model类

 2015/1/31 22:53:15  摇摇欲醉  程序员俱乐部  我要评论(0)
  • 摘要:<?phpclassModel{protected$tableName="";//表名称protected$pOb;//pdo类对象function__construct(){$pdo=newPDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USERNAME,DB_PASSWORD);$pdo->exec("setnames".DB_CHARSET);$this->pOb=$pdo;}/**作用:增*参数:array$arrexp
  • 标签:PHP 数据 SQL SQL注入
<?php
class Model{
protected $tableName="";//表名称
protected $pOb;//pdo类对象
function __construct(){
$pdo=new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USERNAME,DB_PASSWORD);
$pdo->exec("set names ".DB_CHARSET);
$this->pOb=$pdo;
}
/*
* 作用:增
* 参数:array $arr exp:array('字段名'=>值,'字段名'=>值,....)
* return:int|false
*/
function add($arr){
//拼sql语句
$kArr=array_keys($arr);
$kStr=join(",",$kArr);
$vArr=array_values($arr);

$pStr = '';
foreach ($vArr as $s=>$y){
$vname = "p".$s;
$pStr.=':'.$vname.',';
}
$pStr = substr($pStr,0,-1);

$sql = "insert into {$this->tableName}($kStr) values($pStr)";

print_r($sql);
$pdoS = $this->pOb ->prepare($sql);
foreach ($vArr as $k=>$y){
$vname = "p".$k;
$$vname = $y;
var_dump($vname,$$vname);
$pdoS -> bindParam(":".$vname, $$vname,PDO::PARAM_STR);

}
$re = $pdoS -> execute();
if($re){//添加成功
//返回主键id值
return $this->pOb->lastInsertId();
}
//返回值
return $re;
}
public function delete($arrWhere){
if(!empty($arrWhere)){
$strW = " where ";
foreach($arrWhere as $kW=>$vW){
$kn = str_replace(":", "", $kW);
if(count($arrWhere)==1){
$strW .= $kn."=".$kW;
}else{
$strW .= $kn."=".$kW." and ";
}
}
if(count($arrWhere)>1){
$strW .= " 1=1 ";
}
}
$sql = "delete from {$this->tableName}".$strW;
print_r($sql);
$pdoS = $this->pOb->prepare($sql);
foreach ($arrWhere as $kW=>$vW){
$kn = str_replace(":", "", $kW);
$$kn = $vW;
if(is_int($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else if(is_float($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else{
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
}
}
$re=$pdoS->execute();
if($re){
    return true;
}else {
return false;
}

}
function update($arrSet,$arrWhere){
//拼sql语句
$str = "";
$n=0;
foreach ($arrSet as $kS=>$vS){

$str .= ",".$kS."=:p".$n++;
}
$str = substr($str, 1);
foreach($arrWhere as $kW=>$vW){
$kn=str_replace(":","",$kW);
if(count($arrWhere)==1){
$strW .= $kn."=".$kW;
}else{
$strW .= $kn."=".$kW." and ";
}
}
if(count($arrWhere)>1){
$strW .= " 1=1 ";
}

$sql="update {$this->tableName} set {$str} where ".$strW;
//print_r($sql);

$pdoS=$this->pOb->prepare($sql);
$x = 0;
foreach($arrSet as $kS=>$vS){

$kS = ":p".$x++;
$$kS = $vS;

if(is_int($vS)){
$pdoS->bindParam($kS,$$kS,PDO::PARAM_INT);
}else if(is_float($vS)){
$pdoS->bindParam($kS,$$kS,PDO::PARAM_INT);
}else{
$pdoS->bindParam($kS,$$kS,PDO::PARAM_STR);
}
}


foreach($arrWhere as $kW=>$vW){
$kn=str_replace(":","",$kW);
$$kn=$vW;//$p0  $p1 $p2
if(is_int($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else if(is_float($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else{
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
}
}
$re=$pdoS->execute();
if($re){
    return true;

}else{
return false;
}

}
//查
function select($field="*",$ArrayWhere="",$order="",$limit=""){
if(!empty($ArrayWhere)){
$strW = " where ";
foreach($ArrayWhere as $kW=>$vW){
$kn=str_replace(":","",$kW);
if(count($ArrayWhere)==1){
$strW .= $kn."=".$kW;

}else{
$strW .= $kn."=".$kW." and ";
}
}
if(count($ArrayWhere)>1){
$strW .= " 1=1 ";
}
}
if(!empty($order)){
$order="order by ".$order;
}
if(!empty($limit)){
$limit="limit ".$limit;
}
//select 字段列表 from 表名 where 条件 order by 字段 desc|asc limit start,length;
$sql="select {$field} from {$this->tableName} {$strW} {$order} {$limit}";
//print_r($sql);
$pdoS=$this->pOb->prepare($sql);
if(!empty($ArrayWhere)){
foreach($ArrayWhere as $kW=>$vW){
$kn=str_replace(":","",$kW);
$$kn=$vW;
if(is_int($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else if(is_float($vW)){
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
}else{
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
}
}
}
$re=$pdoS->execute();
if($re){
$pdoS->setFetchMode(PDO::FETCH_ASSOC);
return $pdoS->fetchAll();
}else {
return false;
}

}


}
发表评论
用户名: 匿名