I don’t know if originality should be included in the essay.
All right, first blog post.
There are three classes:
1. Filter input (lightweight)
class input_filter
is responsible for filtering parameters such as $_GET, $_POST.
The return value type is an array, using Parameters of made_sql class
2. Convert into SQL statement
class made_sql
The type of the parameters is array and table name (string), the key of the array is the column name of the table, and the value is the inserted value
The return value type is a string, which is used as a parameter of the mysql ->query method
3. Database query
class mysql
uses single column mode and uses static methods to obtain objects. For details, see instanceof operation The function of the symbol
Copy code The code is as follows:
class input_filter
{
private $input_all; // Array to be filtered
private $rustle; // Filtered results
//Constructor parameters can be $_GET or $_POST these
public function __construct($input_C)
{
if(is_array($input_C))
$this->input_all = $input_C ;
else
echo 'Parameter is not valid';
//Initialization, otherwise the array will be merged for the first time PHP doesn’t know what type this is
$this->rustle = array();
}
private function filter_arr() // Main function
{
foreach ($this-> ;input_all as $key_input => $val_input)
{
//If the key name is not a string, return an error message
// for key
if(!is_string($key_input)) // error
{
echo 'This key is not string';
return false;
}
// The # is mysql Note .
$key_one = str_replace('# ','',$key_input);
$key = htmlspecialchars($key_one,ENT_QUOTES,'UTF-8');
// I didn’t find the HTML escape character for #, so I replaced it with empty
$val_one = str_replace('#','',$val_input);
// This function only converts < > ' ", there is a similar function that will escape all symbols
$val = htmlspecialchars ($val_one,ENT_QUOTES,'UTF-8');
// merger
$rustle_one = array($key=>$val);
//merge array
$this-> ;rustle = array_merge($this->rustle,$rustle_one);
}
}
//This function is a bit redundant, leave it for future expansion
public function get_filter_rustle()
{
$this->filter_arr();
return $this->rustle ;
}
}
Calling method:
Copy code The code is as follows:
$filter = new filter_input($_GET); // or $_POST
$input_data = $filter- >get_filter();
Convert into SQL statement:
Copy code The code is as follows:
class madesql
{
private $Cnow_ary; // type array passed in parameters
private $Cname_str;
private $insert_sql; //final sql statement string type
public function __construct($Cary,$Cname)
{
//Check whether the incoming parameter type is an array
if (! is_array($Cary))
return false;
else
$this->Cnow_ary = $Cary; // Written value
$this->Cname_str = $Cname; // Database table name
25 }
private function setSql() // Main Function, produces SQL statements
{
foreach ( $this->Cnow_ary as $key_ary => $val_ary )
{
$cols_sql = $cols_sql.','.$key_ary; / /Column name combination
$vals_sql = $vals_sql.', ''.$val_ary.'''; //Value combination
}
// Because there is something wrong with the previous foreach algorithm, the first character It is a comma
// So use sunstr_replace() to delete, starting from the first character (0), only replace one character (1)
$cols_sql = substr_replace($vals_sql,'',0,1);
$vals_sql = substr_replace($vals_sql,'',0,1);
$this->insert_sql =
'INSERT INTO '.$this->Cname_str.' ( '
. $cols_sql.' ) VALUES ( '.$vals_sql.' )'; // Statement shaping
}
//Extended use
public function getSql()
{
$this-> ;setSql();
return $this->insert_sql;
}
}
3. Database query
The database query class refers to the single column mode in the book (Use static methods to obtain objects, so that there is only one instance of the database query class in a script)
I think the singleton pattern is still useful for this class
Copy code The code is as follows:
class mysql
{
private $connect;
static $objectMysql; // Store the object
private function __construct() 7 {
//This when creating the object The constructor will be called to initialize
$connect = mysql_connect('db address','password','dbname');
$this->db = mysql_select_db('db',$connect) ;
}
public static function Mysql_object()
{
//The instanceof operator is used to check whether the object belongs to an instance of a class or interface. What I said is not very standard...
//If $objectMysql is not an instance of mysql(self), then create one
if(! self::$objectMysql instanceof self)
self::$ objectMysql = new mysql();
//At this time, $objectMysql is already an object
return self::$objectMysql;
}
public function query($sql)
{
return mysql_query($sql,$this->db);
}
}
All right, summarize the usage
Copy code The code is as follows:
$filter = new filter_input($_GET); // or $_POST
$input_data = $filter- >get_filter();
$madeSql = new madesql($input_data,'tableName');
$sql = $madeSql->getSql();
$mysql = mysql::Mysql_object() ;
if( $mysql->query($sql) )
echo 'Ok';
else
echo 'failure';
Only these are needed The operation of writing to the database can be completed by calling the code
In addition, let’s talk about the private and public issue of the constructor. In the mysql singleton mode in the book, the constructor is declared as private, and this will happen if there is no singleton mode. Compilation error, that is, PHP cannot create an object, checked.
The reason is that creating objects is often done outside the class, which creates the problem of inaccessible constructors. The single-column mode creates objects in its own class, so there are no restrictions on accessing private methods.
I originally thought that the singleton mode only prevents the creation of the same object. Now it seems that the singleton mode can encapsulate the constructor, which indeed improves security
The results of the filter_input class can be directly used as the madesql class The premise of the parameters is:
The name of the form must be the same as the column name of the database, otherwise you will see so much in vain
http://www.bkjia.com/PHPjc/324106.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324106.htmlTechArticleI don’t know if originality should be included in the essay. All right, first blog post. There are three classes: 1. Filter input (lightweight) class input_filter is responsible for filtering parameters such as $_GET, $_POST...