写了一个php程序，希望可以优化运行效率和安全(防注入)，欢迎各种招数飞来？-tutorial php-php.cn

回复内容：

革命尚未成功，同志仍需努力。很多的代码其实用不到。这段程序完全可以优化的很短。
你看看我之前写的一个DB类。参考一下。都互相学习学习。

我中间的scalar和find方法还有一些问题。请能人帮忙解答一下。还有就是之前的插入，更新，删除都是用的数组，这个让我给成用原生sql了。也可以改成数组。
请帮忙看看，批评指正一下。
<span class="cp"><?php</span>
<span class="sd">/**</span>
<span class="sd"> * MySQL数据库类 使用的是PDO</span>
<span class="sd"> */</span>
<span class="k">class</span> <span class="nc">DB</span><span class="p">{</span>
	<span class="sd">/**</span>
<span class="sd">	 * 数据库实例</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">static</span> <span class="nv">$db_instance</span><span class="p">;</span>

	<span class="sd">/**</span>
<span class="sd">	 * 保存错误消息</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">static</span> <span class="nv">$_error</span><span class="p">;</span>

	<span class="sd">/**</span>
<span class="sd">	 * 禁止复制 为了单例模式</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">function</span> <span class="nf">__clone</span><span class="p">(){}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 防止反序列化 为了单例模式</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">function</span> <span class="nf">__wakeup</span><span class="p">(){}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 防止实例化</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">function</span> <span class="nf">__construct</span><span class="p">(){}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 数据库实例化 这里如果实例化失败会产生一个错误，我没有去进行捕获。</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">getInstance</span><span class="p">(){</span>
		<span class="k">if</span> <span class="p">(</span><span class="k">empty</span><span class="p">(</span><span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span><span class="p">))</span> <span class="p">{</span>
			<span class="nv">$config</span> <span class="o">=</span> <span class="nx">Config</span><span class="o">::</span><span class="na">get</span><span class="p">(</span><span class="s1">'db'</span><span class="p">);</span>
			<span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">\PDO</span><span class="p">(</span><span class="s1">'mysql:host='</span><span class="o">.</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'host'</span><span class="p">]</span> <span class="o">.</span><span class="s1">';dbname='</span> <span class="o">.</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'database'</span><span class="p">]</span> <span class="o">.</span> <span class="s1">';port='</span> <span class="o">.</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'port'</span><span class="p">],</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'username'</span><span class="p">],</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'password'</span><span class="p">],</span> <span class="k">array</span><span class="p">(</span><span class="nx">\PDO</span><span class="o">::</span><span class="na">MYSQL_ATTR_INIT_COMMAND</span> <span class="o">=></span> <span class="s1">'set names '</span> <span class="o">.</span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'charset'</span><span class="p">],</span> <span class="nx">\PDO</span><span class="o">::</span><span class="na">ATTR_TIMEOUT</span> <span class="o">=></span> <span class="nv">$config</span><span class="p">[</span><span class="s1">'timeout'</span><span class="p">]));</span>
		<span class="p">}</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span><span class="p">;</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 查询标量数据</span>
<span class="sd">	 * @param string $sql 执行的sql语句</span>
<span class="sd">	 * @param string $params 需要替换$sql中的问号 如果没有？,则为空数组</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">scalar</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="nv">$data</span> <span class="o">=</span> <span class="nx">self</span><span class="o">::</span><span class="na">selectQuery</span><span class="p">(</span><span class="s1">'scalar'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
		<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="mi">0</span><span class="p">]))</span> <span class="p">{</span>
			<span class="k">return</span> <span class="nv">$data</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span>
		<span class="p">}</span><span class="k">else</span><span class="p">{</span>
			<span class="k">return</span> <span class="s1">''</span><span class="p">;</span>
		<span class="p">}</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 查询单列数据</span>
<span class="sd">	 * @param string $sql 执行的sql语句</span>
<span class="sd">	 * @param string $params 需要替换$sql中的问号 如果没有？,则为空数组</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">column</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="na">selectQuery</span><span class="p">(</span><span class="s1">'column'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 查询一行记录</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">find</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="nv">$result</span> <span class="o">=</span> <span class="nx">self</span><span class="o">::</span><span class="na">selectQuery</span><span class="p">(</span><span class="s1">'find'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
		<span class="k">if</span> <span class="p">(</span><span class="k">empty</span><span class="p">(</span><span class="nv">$result</span><span class="p">[</span><span class="mi">0</span><span class="p">]))</span> <span class="p">{</span>
			<span class="k">return</span> <span class="p">[];</span>
		<span class="p">}</span>
		<span class="k">return</span> <span class="nv">$result</span><span class="p">;</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 查询多行记录</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">all</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="na">selectQuery</span><span class="p">(</span><span class="s1">'all'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 查询数据</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">selectQuery</span><span class="p">(</span><span class="nv">$type</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">){</span>
		<span class="nx">self</span><span class="o">::</span><span class="na">getInstance</span><span class="p">();</span>
		<span class="nv">$instanceStatement</span> <span class="o">=</span> <span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span><span class="o">-></span><span class="na">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span>
		<span class="nv">$result</span> <span class="o">=</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">execute</span><span class="p">(</span><span class="nv">$params</span><span class="p">);</span>
		<span class="k">if</span> <span class="p">(</span><span class="nv">$result</span> <span class="o">===</span> <span class="k">false</span><span class="p">)</span> <span class="p">{</span>
			<span class="nx">self</span><span class="o">::</span><span class="nv">$_error</span> <span class="o">=</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">errorInfo</span><span class="p">();</span>
			<span class="k">return</span> <span class="k">false</span><span class="p">;</span>
		<span class="p">}</span><span class="k">else</span><span class="p">{</span>
			<span class="nx">self</span><span class="o">::</span><span class="nv">$_error</span> <span class="o">=</span> <span class="k">null</span><span class="p">;</span>
			<span class="k">switch</span> <span class="p">(</span><span class="nv">$type</span><span class="p">)</span> <span class="p">{</span>
				<span class="k">case</span> <span class="s1">'column'</span><span class="o">:</span> <span class="c1">//获取指定的一列数据</span>
				<span class="k">case</span> <span class="s1">'scalar'</span><span class="o">:</span> <span class="k">return</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">fetchAll</span><span class="p">(</span><span class="nx">\PDO</span><span class="o">::</span><span class="na">FETCH_COLUMN</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="c1">//获取指定的一行数据</span>
				<span class="k">case</span> <span class="s1">'find'</span><span class="o">:</span> <span class="c1">//获取执行的一行数据</span>
				<span class="k">case</span> <span class="s1">'all'</span><span class="o">:</span> <span class="c1">//获取全部数据</span>
				<span class="k">default</span><span class="o">:</span> <span class="k">return</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">fetchAll</span><span class="p">(</span><span class="nx">\PDO</span><span class="o">::</span><span class="na">FETCH_ASSOC</span><span class="p">);</span>
					<span class="k">break</span><span class="p">;</span>
			<span class="p">}</span>
		<span class="p">}</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 插入单行数据数据</span>
<span class="sd">	 * @param string $sql 执行的sql语句</span>
<span class="sd">	 * @param array $params 需要插入的参数;</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">function</span> <span class="nf">insert</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="na">executeQuery</span><span class="p">(</span><span class="s1">'insert'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 更新数据</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">function</span> <span class="nf">update</span><span class="p">(</span><span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[]){</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="na">executeQuery</span><span class="p">(</span><span class="s1">'update'</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 更新数据数据 </span>
<span class="sd">	 * @param string $type insert update delete</span>
<span class="sd">	 * @param string $sql 执行的sql语句</span>
<span class="sd">	 * @param array $params 需要替换?的数据 格式[field1, field2, ...];</span>
<span class="sd">	 */</span>
	<span class="k">private</span> <span class="k">function</span> <span class="nf">executeQuery</span><span class="p">(</span><span class="nv">$type</span><span class="p">,</span> <span class="nv">$sql</span><span class="p">,</span> <span class="nv">$params</span><span class="p">){</span>
		<span class="nx">self</span><span class="o">::</span><span class="na">getInstance</span><span class="p">();</span>
		<span class="c1">//初始化</span>
		<span class="nv">$instanceStatement</span> <span class="o">=</span> <span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span><span class="o">-></span><span class="na">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span>
		<span class="nv">$result</span> <span class="o">=</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">execute</span><span class="p">(</span><span class="nv">$params</span><span class="p">);</span>
		<span class="k">if</span> <span class="p">(</span><span class="nv">$result</span> <span class="o">===</span> <span class="k">false</span><span class="p">)</span> <span class="p">{</span>
			<span class="nv">$this</span><span class="o">-></span><span class="na">_error</span> <span class="o">=</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">errorInfo</span><span class="p">();</span>
			<span class="k">return</span> <span class="k">false</span><span class="p">;</span>
		<span class="p">}</span><span class="k">else</span><span class="p">{</span>
			<span class="nv">$this</span><span class="o">-></span><span class="na">_error</span> <span class="o">=</span> <span class="s1">''</span><span class="p">;</span> <span class="c1">//清除上次的错误信息</span>
			<span class="k">if</span> <span class="p">(</span><span class="nv">$type</span> <span class="o">==</span> <span class="s1">'insert'</span><span class="p">)</span> <span class="p">{</span>
				<span class="k">return</span> <span class="nv">$this</span><span class="o">-></span><span class="na">db</span><span class="o">-></span><span class="na">lastInsertId</span><span class="p">()</span> <span class="o">+</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">rowCount</span><span class="p">()</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">//测试性质 （不一定正确，风险极高）</span>
			<span class="p">}</span><span class="k">else</span><span class="p">{</span>
				<span class="k">return</span> <span class="nv">$instanceStatement</span><span class="o">-></span><span class="na">rowCount</span><span class="p">();</span>
			<span class="p">}</span>
		<span class="p">}</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 获取错误消息</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">error</span><span class="p">(){</span>
		<span class="k">return</span> <span class="nx">self</span><span class="o">::</span><span class="nv">$_error</span><span class="p">;</span>
	<span class="p">}</span>

	<span class="sd">/**</span>
<span class="sd">	 * 消除实例</span>
<span class="sd">	 */</span>
	<span class="k">public</span> <span class="k">static</span> <span class="k">function</span> <span class="nf">clear</span><span class="p">(){</span>
		<span class="nx">self</span><span class="o">::</span><span class="nv">$db_instance</span> <span class="o">=</span> <span class="k">null</span><span class="p">;</span>
	<span class="p">}</span>
<span class="p">}</span>
<span class="cp">?></span><span class="x"></span>
Salin selepas log masuk

那我不客气了。

从头到尾都是辣鸡。

好大一个洞，随时被人爆。用 prepared statement 吧兄弟

->arrays() 这个方法从命名到实现都很 orz ，别人在调用这个方法的时候心情大概跟吃了大便差不多。

连接方法没有处理好重入， 导致 conn 对象重复创建也是醉。

参数初始化放到构造函数里去啊，依赖全局变量什么鬼。

类名丑爆。

<span class="x">$this->result = mysql_query("$query",$this->conn);  </span>
Salin selepas log masuk

建议题主去看看Yii framework或者laravel它们的数据库封装是怎么做的，你写的这些方法只能认为是来黑php的

好多多余的代码