Home > Backend Development > PHP Tutorial > PHP anti-sql injection data model class

PHP anti-sql injection data model class

巴扎黑
Release: 2016-11-11 11:45:49
Original
1680 people have browsed it

class Model{ 
protected $tableName="";//表名称 
protected $pOb;//pdo类对象 
function __construct(){ 
$pdo=new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USERNAME,DB_PASSWORD); 
$pdo->exec("set names ".DB_CHARSET); 
$this->pOb=$pdo; 

/* 
* 作用:增 
* 参数:array $arr exp:array('字段名'=>值,'字段名'=>值,....) 
* return:int|false 
*/ 
function add($arr){
//拼sql语句 
$kArr=array_keys($arr); 
$kStr=join(",",$kArr); 
$vArr=array_values($arr); 

$pStr = ''; 
foreach ($vArr as $s=>$y){ 
$vname = "p".$s; 
$pStr.=':'.$vname.','; 

$pStr = substr($pStr,0,-1); 

$sql = "insert into {$this->tableName}($kStr) values($pStr)"; 

print_r($sql); 
$pdoS = $this->pOb ->prepare($sql); 
foreach ($vArr as $k=>$y){ 
$vname = "p".$k; 
$$vname = $y; 
var_dump($vname,$$vname); 
$pdoS -> bindParam(":".$vname, $$vname,PDO::PARAM_STR); 


$re = $pdoS -> execute(); 
if($re){//添加成功 
//返回主键id值 
return $this->pOb->lastInsertId(); 

//返回值 
return $re;

public function delete($arrWhere){ 
if(!empty($arrWhere)){ 
$strW = " where "; 
foreach($arrWhere as $kW=>$vW){ 
$kn = str_replace(":", "", $kW); 
if(count($arrWhere)==1){ 
$strW .= $kn."=".$kW; 
}else{ 
$strW .= $kn."=".$kW." and "; 
}

if(count($arrWhere)>1){ 
$strW .= " 1=1 "; 
}

$sql = "delete from {$this->tableName}".$strW; 
print_r($sql); 
$pdoS = $this->pOb->prepare($sql); 
foreach ($arrWhere as $kW=>$vW){ 
$kn = str_replace(":", "", $kW); 
$$kn = $vW; 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 
}

$re=$pdoS->execute(); 
if($re){ 
    return true; 
}else { 
return false; 



function update($arrSet,$arrWhere){ 
//拼sql语句
$str = ""; 
$n=0; 
foreach ($arrSet as $kS=>$vS){ 

$str .= ",".$kS."=:p".$n++; 

$str = substr($str, 1);
foreach($arrWhere as $kW=>$vW){ 
$kn=str_replace(":","",$kW);
if(count($arrWhere)==1){ 
$strW .= $kn."=".$kW; 
}else{ 
$strW .= $kn."=".$kW." and "; 
}
}
if(count($arrWhere)>1){ 
$strW .= " 1=1 "; 
}

$sql="update {$this->tableName} set {$str} where ".$strW; 
//print_r($sql); 

$pdoS=$this->pOb->prepare($sql); 
$x = 0; 
foreach($arrSet as $kS=>$vS){ 

$kS = ":p".$x++; 
$$kS = $vS; 

if(is_int($vS)){ 
$pdoS->bindParam($kS,$$kS,PDO::PARAM_INT); 
}else if(is_float($vS)){ 
$pdoS->bindParam($kS,$$kS,PDO::PARAM_INT); 
}else{ 
$pdoS->bindParam($kS,$$kS,PDO::PARAM_STR); 




foreach($arrWhere as $kW=>$vW){ 
$kn=str_replace(":","",$kW); 
$$kn=$vW;//$p0  $p1 $p2 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 


$re=$pdoS->execute(); 
if($re){ 
    return true; 

}else{ 
return false; 



//查 
function select($field="*",$ArrayWhere="",$order="",$limit=""){ 
if(!empty($ArrayWhere)){ 
$strW = " where "; 
foreach($ArrayWhere as $kW=>$vW){ 
$kn=str_replace(":","",$kW);
if(count($ArrayWhere)==1){ 
$strW .= $kn."=".$kW; 

}else{ 
$strW .= $kn."=".$kW." and "; 
}
}
if(count($ArrayWhere)>1){ 
$strW .= " 1=1 "; 
}

if(!empty($order)){ 
$order="order by ".$order; 

if(!empty($limit)){ 
$limit="limit ".$limit; 
}
//select 字段列表 from 表名 where 条件 order by 字段 desc|asc limit start,length; 
$sql="select {$field} from {$this->tableName} {$strW} {$order} {$limit}"; 
//print_r($sql); 
$pdoS=$this->pOb->prepare($sql); 
if(!empty($ArrayWhere)){ 
foreach($ArrayWhere as $kW=>$vW){ 
$kn=str_replace(":","",$kW); 
$$kn=$vW; 
if(is_int($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else if(is_float($vW)){ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_INT); 
}else{ 
$pdoS->bindParam($kW,$$kn,PDO::PARAM_STR); 



$re=$pdoS->execute(); 
if($re){ 
$pdoS->setFetchMode(PDO::FETCH_ASSOC); 
return $pdoS->fetchAll(); 
}else { 
return false; 





Related labels:
php
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template