一聚教程网:一个值得你收藏的教程网站
PHP教程 Css教程 操作系统 数据库 安卓下载
萌猫乐园简易版
我在神界刷装备游戏安装
拳击俱乐部2安卓下载
远古众神安装
超帅卡丁车游戏安装
锈湖地铁繁花
全面战争模拟器部落时代无广告版
拼图大闯关精装版
弹弓保龄球安卓下载
恐怖肉先生游戏安装
少年三国志二吕布怎么获得
崩坏星穹铁道2.1战意奔涌新增成就大全一览
崩坏星穹铁道克劳克影视乐园折纸小鸟位置大全一览
影之刃3炽刃佩戴什么装备
新笑傲江湖九霄狼王多少级
地下城与勇士第六套天空套是什么
无尽的拉格朗日地图怎么看
星露谷物语怎么双人同屏
射雕剑飞位置大全一览
射雕手游隐藏技能获得方法攻略
时间:2022-06-24 16:04:17 编辑:袖梨 来源:一聚教程网
本款数据库连接类,他会自动加载sql防注入功能,过滤一些敏感的sql查询关键词,同时还可以增加判断字段 show table status的性质与show table类 获取数据库所有表名等。*/ @ini_set('mysql.trace_mode','off'); class mysql { public $dblink; public $pconnect; private $search = array('/union(s*(/*.**/)?s*)+select/i', '/load_file(s*(/*.**/)?s*)+(/i', '/into(s*(/*.**/)?s*)+outfile/i'); private $replace = array('union select', 'load_file (', 'into outfile'); private $rs;
function __construct($hostname,$username,$userpwd,$database,$pconnect=false,$charset='utf8') { define('allowed_htmltags', ''); $this->pconnect=$pconnect; $this->dblink=$pconnect?mysql_pconnect($hostname,$username,$userpwd):mysql_connect($hostname,$username,$userpwd); (!$this->dblink||!is_resource($this->dblink)) && fatal_error("connect to the database unsuccessfully!"); @mysql_unbuffered_query("set names {$charset}"); if($this->version()>'5.0.1') { @mysql_unbuffered_query("set sql_mode = ''"); } @mysql_select_db($database) or fatal_error("can not select table!"); return $this->dblink; } function query($sql,$unbuffered=false) { //echo $sql.''; $this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink); //(!$this->rs||!is_resource($this->rs)) && fatal_error("execute the query unsuccessfully! error:".mysql_error()); if(!$this->rs)fatal_error('在执行sql语句 '.$sql.' 时发生以下错误:'.mysql_error()); return $this->rs; } function fetch_one($sql) { $this->rs=$this->query($sql); return dircms_strips教程lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc))); } function get_maxfield($filed='id',$table) // 获取$table表中$filed字段的最大值 { $r=$this->fetch_one("select {$table}.{$filed} from `{$table}` order by `{$table}`.`{$filed}` desc limit 0,1"); return $r[$filed]; } function fetch_all($sql) { $this->rs=$this->query($sql); $result=array(); while($rows=mysql_fetch_array($this->rs,mysql_assoc)) { $result[]=$rows; } mysql_free_result($this->rs); return dircms_stripslashes($this->filter_pass($result)); } function fetch_all_withkey($sql,$key='id') { $this->rs=$this->query($sql); $result=array(); while($rows=mysql_fetch_array($this->rs,mysql_assoc)) { $result[$rows[$key]]=$rows; } mysql_free_result($this->rs); return dircms_stripslashes($this->filter_pass($result)); } function last_insert_id() { if(($insertid=mysql_insert_id($this->dblink))>0)return $insertid; else //如果 auto_increment 的列的类型是 bigint,则 mysql_insert_id() 返回的值将不正确. { $result=$this->fetch_one('select last_insert_id() as insertid'); return $result['insertid']; } } function insert($tbname,$varray,$replace=false) { $varray=$this->escape($varray); $tb_fields=$this->get_fields($tbname); // mb.111com.net 升级一下,增加判断字段是否存在 foreach($varray as $key => $value) { if(in_array($key,$tb_fields)) { $fileds[]='`'.$key.'`'; $values[]=is_string($value)?'''.$value.''':$value; } } if($fileds) { $fileds=implode(',',$fileds); $fileds=str_replace(''','`',$fileds); $values=implode(',',$values); $sql=$replace?"replace into {$tbname}({$fileds}) values ({$values})":"insert into {$tbname}({$fileds}) values ({$values})"; $this->query($sql,true); return $this->last_insert_id(); } else return false; } function update($tbname, $array, $where = '') { $array=$this->escape($array); if($where) { $tb_fields=$this->get_fields($tbname); // www.111com.net,增加判断字段是否存在 $sql = ''; foreach($array as $k=>$v) { if(in_array($k,$tb_fields)) { $k=str_replace(''','',$k); $sql .= ", `$k`='$v'"; } } $sql = substr($sql, 1); if($sql)$sql = "update `$tbname` set $sql where $where"; else return true; } else { $sql = "replace into `$tbname`(`".implode('`,`', array_keys($array))."`) values('".implode("','", $array)."')"; } return $this->query($sql,true); } function mysql_delete($tbname,$idarray,$filedname='id') { $idwhere=is_array($idarray)?implode(',',$idarray):intval($idarray); $where=is_array($idarray)?"{$tbname}.{$filedname} in ({$idwhere})":" {$tbname}.{$filedname}={$idwhere}"; return $this->query("delete from {$tbname} where {$where}",true); } function get_fields($table) { $fields=array(); $result=$this->fetch_all("show columns from `{$table}`"); foreach($result as $val) { $fields[]=$val['field']; } return $fields; } function get_table_status($database) { $status=array(); $r=$this->fetch_all("show table status from `".$database."`"); /////// show table status的性质与show table类似,不过,可以提供每个表的大量信息。 foreach($r as $v) { $status[]=$v; } return $status; } function get_one_table_status($table) { return $this->fetch_one("show table status like '$table'"); } function create_fields($tbname,$fieldname,$size=0,$type='varchar') // 2010-5-14 修正一下 { if($size) { $size=strtoupper($type)=='varchar'?$size:8; $this->query("alter table `{$tbname}` add `$fieldname` {$type}( {$size} ) not null",true); } else $this->query("alter table `{$tbname}` add `$fieldname` mediumtext not null",true); return true; } function get_tables() //获取所有表表名 { $tables=array(); $r=$this->fetch_all("show tables"); foreach($r as $v) { foreach($v as $v_) { $tables[]=$v_; } } return $tables; } function create_model_table($tbname) //创建一个内容模型表(start:初始只有字段contentid int(20),用于内容表,/////////////////////// update:2010-5-20 默认加入`content` mediumtext not null,字段) { if(in_array($tbname,$this->get_tables())) return false; ///////////////////// 当表名已经存在时,返回 false if($this->query("create table `{$tbname}` ( `contentid` mediumint(8) not null , `content` mediumtext not null, key ( `contentid` ) ) engine = myisam default charset=utf8",true))return true; //////////////////// 成功则返回 true return false; //////////////失败返回 false } function create_table($tbname) //创建一个会员模型空表(初始只有字段userid int(20),用于会员表,2010-4-26) { if(in_array($tbname,$this->get_tables())) return false; if($this->query("create table `{$tbname}` ( `userid` mediumint(8) not null , key ( `userid` ) ) engine = myisam default charset=utf8",true))return true; return false; } function escape($str) // 过滤危险字符 { if(!is_array($str)) return str_replace(array('n', 'r'), array(chr(10), chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace, $str), $this->dblink)); foreach($str as $key=>$val) $str[$key] = $this->escape($val); return $str; } function filter_pass($string, $allowedtags = '', $disabledattributes = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavaible', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragdrop', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterupdate', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmoveout', 'onmouseo教程ver', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload')) { if(is_array($string)) { foreach($string as $key => $val) $string[$key] = $this->filter_pass($val, allowed_htmltags); } else { $string = preg_replace('/s('.implode('|', $disabledattributes).').*?([s>])/', '', preg_replace('/<(.*?)>/ie', "'<'.preg_replace(array('/网页特效:[^"']*/i', '/(".implode('|', $disabledattributes).")[ ]*=[ ]*["'][^"']*["']/i', '/s+/'), array('', '', ' '), stripslashes('')) . '>'", strip_tags($string, $allowedtags))); } return $string; } function drop_table($tbname) { return $this->query("drop table if exists `{$tbname}`",true); } function version() { return mysql_get_server_info($this->dblink); } } 相关文章 逆水寒手游祭阴陵洞穴怎么打 逆水寒手游祭阴陵洞穴打发介绍 03-28 崩坏星穹铁道林中小屋成就怎么达成 崩坏星穹铁道林中小屋成就攻略 03-28 崩坏星穹铁道证明与反驳成就怎么达成 崩坏星穹铁道证明与反驳成就攻略 03-28 金铲铲之战挑战模式怎么玩 金铲铲之战挑战模式玩法介绍 03-28 江南百景图知府宅邸玩法介绍 江南百景图知府宅邸该怎么玩 03-28 崩坏星穹铁道鸟艺术人生成就怎么达成 崩坏星穹铁道鸟艺术人生成就攻略 03-28
function query($sql,$unbuffered=false) { //echo $sql.''; $this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink); //(!$this->rs||!is_resource($this->rs)) && fatal_error("execute the query unsuccessfully! error:".mysql_error()); if(!$this->rs)fatal_error('在执行sql语句 '.$sql.' 时发生以下错误:'.mysql_error()); return $this->rs; }
function fetch_one($sql) { $this->rs=$this->query($sql); return dircms_strips教程lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc))); }
function get_maxfield($filed='id',$table) // 获取$table表中$filed字段的最大值 { $r=$this->fetch_one("select {$table}.{$filed} from `{$table}` order by `{$table}`.`{$filed}` desc limit 0,1"); return $r[$filed]; }
function fetch_all($sql) { $this->rs=$this->query($sql); $result=array(); while($rows=mysql_fetch_array($this->rs,mysql_assoc)) { $result[]=$rows; } mysql_free_result($this->rs); return dircms_stripslashes($this->filter_pass($result)); }
function fetch_all_withkey($sql,$key='id') { $this->rs=$this->query($sql); $result=array(); while($rows=mysql_fetch_array($this->rs,mysql_assoc)) { $result[$rows[$key]]=$rows; } mysql_free_result($this->rs); return dircms_stripslashes($this->filter_pass($result)); }
function last_insert_id() { if(($insertid=mysql_insert_id($this->dblink))>0)return $insertid; else //如果 auto_increment 的列的类型是 bigint,则 mysql_insert_id() 返回的值将不正确. { $result=$this->fetch_one('select last_insert_id() as insertid'); return $result['insertid']; } }
function insert($tbname,$varray,$replace=false) { $varray=$this->escape($varray); $tb_fields=$this->get_fields($tbname); // mb.111com.net 升级一下,增加判断字段是否存在 foreach($varray as $key => $value) { if(in_array($key,$tb_fields)) { $fileds[]='`'.$key.'`'; $values[]=is_string($value)?'''.$value.''':$value; } }
if($fileds) { $fileds=implode(',',$fileds); $fileds=str_replace(''','`',$fileds); $values=implode(',',$values); $sql=$replace?"replace into {$tbname}({$fileds}) values ({$values})":"insert into {$tbname}({$fileds}) values ({$values})"; $this->query($sql,true); return $this->last_insert_id(); } else return false; }
function update($tbname, $array, $where = '') { $array=$this->escape($array); if($where) { $tb_fields=$this->get_fields($tbname); // www.111com.net,增加判断字段是否存在 $sql = ''; foreach($array as $k=>$v) { if(in_array($k,$tb_fields)) { $k=str_replace(''','',$k); $sql .= ", `$k`='$v'"; } } $sql = substr($sql, 1); if($sql)$sql = "update `$tbname` set $sql where $where"; else return true; } else { $sql = "replace into `$tbname`(`".implode('`,`', array_keys($array))."`) values('".implode("','", $array)."')"; } return $this->query($sql,true); } function mysql_delete($tbname,$idarray,$filedname='id') { $idwhere=is_array($idarray)?implode(',',$idarray):intval($idarray); $where=is_array($idarray)?"{$tbname}.{$filedname} in ({$idwhere})":" {$tbname}.{$filedname}={$idwhere}";
return $this->query("delete from {$tbname} where {$where}",true); }
function get_fields($table) { $fields=array(); $result=$this->fetch_all("show columns from `{$table}`"); foreach($result as $val) { $fields[]=$val['field']; } return $fields; }
function get_table_status($database) { $status=array(); $r=$this->fetch_all("show table status from `".$database."`"); /////// show table status的性质与show table类似,不过,可以提供每个表的大量信息。 foreach($r as $v) { $status[]=$v; } return $status; }
function get_one_table_status($table) { return $this->fetch_one("show table status like '$table'"); }
function create_fields($tbname,$fieldname,$size=0,$type='varchar') // 2010-5-14 修正一下 { if($size) { $size=strtoupper($type)=='varchar'?$size:8; $this->query("alter table `{$tbname}` add `$fieldname` {$type}( {$size} ) not null",true); } else $this->query("alter table `{$tbname}` add `$fieldname` mediumtext not null",true); return true; }
function get_tables() //获取所有表表名 { $tables=array(); $r=$this->fetch_all("show tables"); foreach($r as $v) { foreach($v as $v_) { $tables[]=$v_; } } return $tables; }
function create_model_table($tbname) //创建一个内容模型表(start:初始只有字段contentid int(20),用于内容表,/////////////////////// update:2010-5-20 默认加入`content` mediumtext not null,字段) { if(in_array($tbname,$this->get_tables())) return false; ///////////////////// 当表名已经存在时,返回 false if($this->query("create table `{$tbname}` ( `contentid` mediumint(8) not null , `content` mediumtext not null, key ( `contentid` ) ) engine = myisam default charset=utf8",true))return true; //////////////////// 成功则返回 true return false; //////////////失败返回 false }
function create_table($tbname) //创建一个会员模型空表(初始只有字段userid int(20),用于会员表,2010-4-26) { if(in_array($tbname,$this->get_tables())) return false; if($this->query("create table `{$tbname}` ( `userid` mediumint(8) not null , key ( `userid` ) ) engine = myisam default charset=utf8",true))return true; return false; }
function escape($str) // 过滤危险字符 { if(!is_array($str)) return str_replace(array('n', 'r'), array(chr(10), chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace, $str), $this->dblink)); foreach($str as $key=>$val) $str[$key] = $this->escape($val); return $str; }
function filter_pass($string, $allowedtags = '', $disabledattributes = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavaible', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragdrop', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterupdate', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmoveout', 'onmouseo教程ver', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload')) { if(is_array($string)) { foreach($string as $key => $val) $string[$key] = $this->filter_pass($val, allowed_htmltags); } else { $string = preg_replace('/s('.implode('|', $disabledattributes).').*?([s>])/', '', preg_replace('/<(.*?)>/ie', "'<'.preg_replace(array('/网页特效:[^"']*/i', '/(".implode('|', $disabledattributes).")[ ]*=[ ]*["'][^"']*["']/i', '/s+/'), array('', '', ' '), stripslashes('')) . '>'", strip_tags($string, $allowedtags))); } return $string; }
function drop_table($tbname) { return $this->query("drop table if exists `{$tbname}`",true); }
function version() { return mysql_get_server_info($this->dblink); } }