Utilizing PHP's OOP features to achieve data protection (1)

In PHP 4, var is usually used to declare variables, but in PHP 5, you can use the features of object-oriented programming (OOP) to customize the visibility of data - that is, accessibility. Visibility here is very similar to variable scope. Similar, but providing a better control mechanism, there are the following three types of visibility modifiers:

　Public (default) - variables can be accessed or modified in the global scope.
　Protected--Variables can only be accessed or modified within the class itself and directly derived (using extends statement) classes.
　Private--Variables can only be accessed or modified within the class.

　 Similar to interface implementation, violating these rules in the program will lead to serious errors; and similar to interfaces, they exist purely for the convenience of programmers. But this does not mean that they can be ignored. Specifying the visibility of a certain class member variable can protect the data within the object from outside influence.

　 Suppose there is a MySqlDB class, and a $link variable is declared as private in it, which means that this variable can only be accessed from inside the object using the $this variable, which prevents accidental overwriting by other objects or functions outside the class. Here, We will use the visibility attribute to help us create a query object.

　 You can treat query as a separate entity, which can be executed and return results. Some database systems also have stored procedures. Stored procedures are very similar to functions. They store query statements and accept corresponding parameters when called. However, MySQL did not provide similar functions before version 5.1. Some other types of database management systems also have No.

　In this article, the above two features will be combined into the query object of the example. The example will simulate a basic stored procedure and save the result pointer internally. For now, the focus is on executing the query from the object, where you can call the query() function of the MySqlDB object.

　The following public functions can be defined in the query object:

　__construct()--The constructor accepts a parameter that contains an instance reference of the object that implements the DB interface.

　prepare()--The function prepare() initializes the stored procedure of query. It may contain one or more limited placeholders, which will be passed as parameters to the execute() function. A placeholder is defined as a colon related to the number of parameters followed by an integer and a letter related to the parameter type.

　A simple query containing placeholders looks like the following:

SELECT col1,col2 FROM table_name WHERE col1=:1I

　execute()--The function execute() will execute the query. If it is prematurely initialized as a stored procedure by the prepare() function, any parameters passed in will be used as execution parameters of the stored procedure. Otherwise, the first parameter will only be used as the query text. The function execute() will return the results after executing the query.

　compile()--The function compile() is similar to the function execute(). In fact, the query is not executed, but replaces all placeholders in the query string, accepts the parameters of the stored procedure, and returns the compiled version of the query. .

　Protected Members

　As mentioned above, the concept of visibility can be used to hide the inner workings of an object, protecting the data integrity required for the inner workings. As explained earlier, the result pointer returned by the query will be saved as a protected attribute. The protected member is used here because a specific database query object derived from the query object may overload some core functions.

　 Digging into the code

　 Enough of the theory, now let’s start writing code. First, create a template as shown in Example 1:

　 Example 1: A template for the database query class

class DBQuery
{
　/**
　*保存一个实现了DB接口对象的引用。
　*/
　protected $db;

　/**
　*如果是一个存储过程，设为true。
　*/
　protected $stored_procedure = false;

　/**
　*保存一个删除了所有字符串的query。
　*/
　private $query;

　/**
　*用于在SQL中匹配引号。
　*/
　private static $QUOTE_MATCH = "/(".*(?db = $db;
}

public function prepare($query)
{
　$this->stored_procedure = true;
}

public function compile($args)
{}

public function execute($query)
{}
}

The above is implemented using the OOP features of PHP Data protection (1) content, for more related content, please pay attention to the PHP Chinese website (www.php.cn)!