【www.gdgbn.com--mysql教程】
本款数据库连接类,他会自动加载sql防注入功能,过滤一些敏感的sql查询关键词,同时还可以增加判断字段 show table status的性质与show table类 获取数据库所有表名等。*/
@ini_set("mysql.trace_mode","off");
class mysql
{
public $dblink;
public $pconnect;
private $search = array("/union(s*(/*.**/)?s*)+select/i", "/load_file(s*(/*.**/)?s*)+(/i", "/into(s*(/*.**/)?s*)+outfile/i");
private $replace = array("union select", "load_file (", "into outfile");
private $rs;
function __construct($hostname,$username,$userpwd,$database,$pconnect=false,$charset="utf8")
{
define("allowed_htmltags", "
function query($sql,$unbuffered=false)
{
//echo $sql."
";
$this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink);
//(!$this->rs||!is_resource($this->rs)) && fatal_error("execute the query unsuccessfully! error:".mysql_error());
if(!$this->rs)fatal_error("在执行sql语句 ".$sql." 时发生以下错误:".mysql_error());
return $this->rs;
}
function fetch_one($sql)
{
$this->rs=$this->query($sql);
return dircms_strips教程lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc)));
}
function get_maxfield($filed="id",$table) // 获取$table表中$filed字段的最大值
{
$r=$this->fetch_one("select {$table}.{$filed} from `{$table}` order by `{$table}`.`{$filed}` desc limit 0,1");
return $r[$filed];
}
function fetch_all($sql)
{
$this->rs=$this->query($sql);
$result=array();
while($rows=mysql_fetch_array($this->rs,mysql_assoc))
{
$result[]=$rows;
}
mysql_free_result($this->rs);
return dircms_stripslashes($this->filter_pass($result));
}
function fetch_all_withkey($sql,$key="id")
{
$this->rs=$this->query($sql);
$result=array();
while($rows=mysql_fetch_array($this->rs,mysql_assoc))
{
$result[$rows[$key]]=$rows;
}
mysql_free_result($this->rs);
return dircms_stripslashes($this->filter_pass($result));
}
function last_insert_id()
{
if(($insertid=mysql_insert_id($this->dblink))>0)return $insertid;
else //如果 auto_increment 的列的类型是 bigint,则 mysql_insert_id() 返回的值将不正确.
{
$result=$this->fetch_one("select last_insert_id() as insertid");
return $result["insertid"];
}
}
function insert($tbname,$varray,$replace=false)
{
$varray=$this->escape($varray);
$tb_fields=$this->get_fields($tbname); // mb.111cn.net 升级一下,增加判断字段是否存在
foreach($varray as $key => $value)
{
if(in_array($key,$tb_fields))
{
$fileds[]="`".$key."`";
$values[]=is_string($value)?""".$value.""":$value;
}
}
if($fileds)
{
$fileds=implode(",",$fileds);
$fileds=str_replace(""","`",$fileds);
$values=implode(",",$values);
$sql=$replace?"replace into {$tbname}({$fileds}) values ({$values})":"insert into {$tbname}({$fileds}) values ({$values})";
$this->query($sql,true);
return $this->last_insert_id();
}
else return false;
}
function update($tbname, $array, $where = "")
{
$array=$this->escape($array);
if($where)
{
$tb_fields=$this->get_fields($tbname); // www.111cn.net,增加判断字段是否存在
$sql = "";
foreach($array as $k=>$v)
{
if(in_array($k,$tb_fields))
{
$k=str_replace(""","",$k);
$sql .= ", `$k`="$v"";
}
}
$sql = substr($sql, 1);
if($sql)$sql = "update `$tbname` set $sql where $where";
else return true;
}
else
{
$sql = "replace into `$tbname`(`".implode("`,`", array_keys($array))."`) values("".implode("","", $array)."")";
}
return $this->query($sql,true);
}
function mysql_delete($tbname,$idarray,$filedname="id")
{
$idwhere=is_array($idarray)?implode(",",$idarray):intval($idarray);
$where=is_array($idarray)?"{$tbname}.{$filedname} in ({$idwhere})":" {$tbname}.{$filedname}={$idwhere}";
return $this->query("delete from {$tbname} where {$where}",true);
}
function get_fields($table)
{
$fields=array();
$result=$this->fetch_all("show columns from `{$table}`");
foreach($result as $val)
{
$fields[]=$val["field"];
}
return $fields;
}
function get_table_status($database)
{
$status=array();
$r=$this->fetch_all("show table status from `".$database."`"); /////// show table status的性质与show table类似,不过,可以提供每个表的大量信息。
foreach($r as $v)
{
$status[]=$v;
}
return $status;
}
function get_one_table_status($table)
{
return $this->fetch_one("show table status like "$table"");
}
function create_fields($tbname,$fieldname,$size=0,$type="varchar") // 2010-5-14 修正一下
{
if($size)
{
$size=strtoupper($type)=="varchar"?$size:8;
$this->query("alter table `{$tbname}` add `$fieldname` {$type}( {$size} ) not null",true);
}
else $this->query("alter table `{$tbname}` add `$fieldname` mediumtext not null",true);
return true;
}
function get_tables() //获取所有表表名
{
$tables=array();
$r=$this->fetch_all("show tables");
foreach($r as $v)
{
foreach($v as $v_)
{
$tables[]=$v_;
}
}
return $tables;
}
function create_model_table($tbname) //创建一个内容模型表(start:初始只有字段contentid int(20),用于内容表,/////////////////////// update:2010-5-20 默认加入`content` mediumtext not null,字段)
{
if(in_array($tbname,$this->get_tables())) return false; ///////////////////// 当表名已经存在时,返回 false
if($this->query("create table `{$tbname}` (
`contentid` mediumint(8) not null ,
`content` mediumtext not null,
key ( `contentid` )
) engine = myisam default charset=utf8",true))return true; //////////////////// 成功则返回 true
return false; //////////////失败返回 false
}
function create_table($tbname) //创建一个会员模型空表(初始只有字段userid int(20),用于会员表,2010-4-26)
{
if(in_array($tbname,$this->get_tables())) return false;
if($this->query("create table `{$tbname}` (
`userid` mediumint(8) not null ,
key ( `userid` )
) engine = myisam default charset=utf8",true))return true;
return false;
}
function escape($str) // 过滤危险字符
{
if(!is_array($str)) return str_replace(array("n", "r"), array(chr(10), chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace, $str), $this->dblink));
foreach($str as $key=>$val) $str[$key] = $this->escape($val);
return $str;
}
function filter_pass($string, $allowedtags = "", $disabledattributes = array("onabort", "onactivate", "onafterprint", "onafterupdate", "onbeforeactivate", "onbeforecopy", "onbeforecut", "onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste", "onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur", "onbounce", "oncellchange", "onchange", "onclick", "oncontextmenu", "oncontrolselect", "oncopy", "oncut", "ondataavaible", "ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate", "ondrag", "ondragdrop", "ondragend", "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop", "onerror", "onerrorupdate", "onfilterupdate", "onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp", "onkeydown", "onkeypress", "onkeyup", "onlayoutcomplete", "onload", "onlosecapture", "onmousedown", "onmouseenter", "onmouseleave", "onmousemove", "onmoveout", "onmouseo教程ver", "onmouseup", "onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste", "onpropertychange", "onreadystatechange", "onreset", "onresize", "onresizeend", "onresizestart", "onrowexit", "onrowsdelete", "onrowsinserted", "onscroll", "onselect", "onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit", "onunload"))
{
if(is_array($string))
{
foreach($string as $key => $val) $string[$key] = $this->filter_pass($val, allowed_htmltags);
}
else
{
$string = preg_replace("/s(".implode("|", $disabledattributes).").*?([s>])/", "", preg_replace("/<(.*?)>/ie", ""<".preg_replace(array("/网页特效:[^""]*/i", "/(".implode("|", $disabledattributes).")[ ]*=[ ]*[""][^""]*[""]/i", "/s+/"), array("", "", " "), stripslashes("")) . ">"", strip_tags($string, $allowedtags)));
}
return $string;
}
function drop_table($tbname)
{
return $this->query("drop table if exists `{$tbname}`",true);
}
function version()
{
return mysql_get_server_info($this->dblink);
}
}