
php防sql注入类(php pdo防止sql注入的类)

  1. class Model{

  2. protected $tableName="";//表名称
  3. protected $pOb;//pdo类对象
  4. function __construct(){
  5. $pdo=new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USERNAME,DB_PASSWORD);
  6. $pdo->exec("set names ".DB_CHARSET);
  7. $this->pOb=$pdo;
  8. }
  9. /*
  10. * 作用:增
  11. * 参数:array $arr exp:array('字段名'=>值,'字段名'=>值,....)
  12. * return:int|false
  13. */
  14. function add($arr){
  15. //拼sql语句
  16. $kArr=array_keys($arr);
  17. $kStr=join(",",$kArr);
  18. $vArr=array_values($arr);
  19. $pStr = '';

  20. foreach ($vArr as $s=>$y){
  21. $vname = "p".$s;
  22. $pStr.=':'.$vname.',';
  23. }
  24. $pStr = substr($pStr,0,-1);
  25. $sql = "insert into {$this->tableName}($kStr) values($pStr)";

  26. print_r($sql);

  27. $pdoS = $this->pOb ->prepare($sql);
  28. foreach ($vArr as $k=>$y){
  29. $vname = "p".$k;
  30. $$vname = $y;
  31. var_dump($vname,$$vname);
  32. $pdoS -> bindParam(":".$vname, $$vname,PDO::PARAM_STR);
  33. }

  34. $re = $pdoS -> execute();
  35. if($re){//添加成功
  36. //返回主键id值
  37. return $this->pOb->lastInsertId();
  38. }
  39. //返回值
  40. return $re;
  41. }
  42. public function delete($arrWhere){
  43. if(!empty($arrWhere)){
  44. $strW = " where ";
  45. foreach($arrWhere as $kW=>$vW){
  46. $kn = str_replace(":", "", $kW);
  47. if(count($arrWhere)==1){
  48. $strW .= $kn."=".$kW;
  49. }else{
  50. $strW .= $kn."=".$kW." and ";
  51. }
  52. }
  53. if(count($arrWhere)>1){
  54. $strW .= " 1=1 ";
  55. }
  56. }
  57. $sql = "delete from {$this->tableName}".$strW;
  58. print_r($sql);
  59. $pdoS = $this->pOb->prepare($sql);
  60. foreach ($arrWhere as $kW=>$vW){
  61. $kn = str_replace(":", "", $kW);
  62. $$kn = $vW;
  63. if(is_int($vW)){
  64. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  65. }else if(is_float($vW)){
  66. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  67. }else{
  68. $pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
  69. }
  70. }
  71. $re=$pdoS->execute();
  72. if($re){
  73. return true;
  74. }else {
  75. return false;
  76. }
  77. }
  78. function update($arrSet,$arrWhere){
  79. //拼sql语句
  80. $str = "";
  81. $n=0;
  82. foreach ($arrSet as $kS=>$vS){
  83. $str .= ",".$kS."=:p".$n++;

  84. }
  85. $str = substr($str, 1);
  86. foreach($arrWhere as $kW=>$vW){
  87. $kn=str_replace(":","",$kW);
  88. if(count($arrWhere)==1){
  89. $strW .= $kn."=".$kW;
  90. }else{
  91. $strW .= $kn."=".$kW." and ";
  92. }
  93. }
  94. if(count($arrWhere)>1){
  95. $strW .= " 1=1 ";
  96. }
  97. $sql="update {$this->tableName} set {$str} where ".$strW;

  98. //print_r($sql);
  99. $pdoS=$this->pOb->prepare($sql);

  100. $x = 0;
  101. foreach($arrSet as $kS=>$vS){
  102. $kS = ":p".$x++;

  103. $$kS = $vS;
  104. if(is_int($vS)){

  105. $pdoS->bindParam($kS,$$kS,PDO::PARAM_INT);
  106. }else if(is_float($vS)){
  107. $pdoS->bindParam($kS,$$kS,PDO::PARAM_INT);
  108. }else{
  109. $pdoS->bindParam($kS,$$kS,PDO::PARAM_STR);
  110. }
  111. }
  112. foreach($arrWhere as $kW=>$vW){
  113. $kn=str_replace(":","",$kW);
  114. $$kn=$vW;//$p0 $p1 $p2
  115. if(is_int($vW)){
  116. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  117. }else if(is_float($vW)){
  118. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  119. }else{
  120. $pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
  121. }
  122. }
  123. $re=$pdoS->execute();
  124. if($re){
  125. return true;
  126. }else{

  127. return false;
  128. }
  129. }

  130. //查
  131. function select($field="*",$ArrayWhere="",$order="",$limit=""){
  132. if(!empty($ArrayWhere)){
  133. $strW = " where ";
  134. foreach($ArrayWhere as $kW=>$vW){
  135. $kn=str_replace(":","",$kW);
  136. if(count($ArrayWhere)==1){
  137. $strW .= $kn."=".$kW;
  138. }else{

  139. $strW .= $kn."=".$kW." and ";
  140. }
  141. }
  142. if(count($ArrayWhere)>1){
  143. $strW .= " 1=1 ";
  144. }
  145. }
  146. if(!empty($order)){
  147. $order="order by ".$order;
  148. }
  149. if(!empty($limit)){
  150. $limit="limit ".$limit;
  151. }
  152. //select 字段列表 from 表名 where 条件 order by 字段 desc|asc limit start,length;
  153. $sql="select {$field} from {$this->tableName} {$strW} {$order} {$limit}";
  154. //print_r($sql);
  155. $pdoS=$this->pOb->prepare($sql);
  156. if(!empty($ArrayWhere)){
  157. foreach($ArrayWhere as $kW=>$vW){
  158. $kn=str_replace(":","",$kW);
  159. $$kn=$vW;
  160. if(is_int($vW)){
  161. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  162. }else if(is_float($vW)){
  163. $pdoS->bindParam($kW,$$kn,PDO::PARAM_INT);
  164. }else{
  165. $pdoS->bindParam($kW,$$kn,PDO::PARAM_STR);
  166. }
  167. }
  168. }
  169. $re=$pdoS->execute();
  170. if($re){
  171. $pdoS->setFetchMode(PDO::FETCH_ASSOC);
  172. return $pdoS->fetchAll();
  173. }else {
  174. return false;
  175. }
  176. }
  177. }