一聚教程网:一个值得你收藏的教程网站

ps教程| flash教程| 路由器设置| Jsp教程| 加入收藏

PHP教程 Css教程 操作系统 数据库 安卓下载

首页 游戏下载 软件下载 专题 资讯教程 php教程 asp.net教程 css教程 网页制作 网页特效 手机开发 办公数码
+ -
当前位置:一聚教程网 > php教程 > php安全

推荐专题

最新下载

热门教程

一款实用的php mysql数据库连接类

时间:2022-06-24 16:04:17 编辑:袖梨 来源:一聚教程网

 本款数据库连接类,他会自动加载sql防注入功能,过滤一些敏感的sql查询关键词,同时还可以增加判断字段 show table status的性质与show table类 获取数据库所有表名等。*/
@ini_set('mysql.trace_mode','off');
class mysql
{
 public $dblink;
 public $pconnect;
 private $search = array('/union(s*(/*.**/)?s*)+select/i', '/load_file(s*(/*.**/)?s*)+(/i', '/into(s*(/*.**/)?s*)+outfile/i');
 private $replace = array('union   select', 'load_file   (', 'into   outfile');
 private $rs;

 function __construct($hostname,$username,$userpwd,$database,$pconnect=false,$charset='utf8')
 {
  define('allowed_htmltags', '<meta><body><a><p><br><hr><h1><h2><h3><h4><h5><h6><font><u><i><b><strong><div><span><ol><ul><li><img><table><tr><td><map>'); <br />   $this->pconnect=$pconnect;<br />   $this->dblink=$pconnect?mysql_pconnect($hostname,$username,$userpwd):mysql_connect($hostname,$username,$userpwd);<br />   (!$this->dblink||!is_resource($this->dblink)) && fatal_error("connect to the database unsuccessfully!");<br />   @mysql_unbuffered_query("set names {$charset}");<br />   if($this->version()>'5.0.1')<br />   {<br />    @mysql_unbuffered_query("set sql_mode = ''");<br />   }<br />   @mysql_select_db($database) or fatal_error("can not select table!");<br />   return $this->dblink;<br />  }</p> <p> function query($sql,$unbuffered=false)<br />  {<br />   //echo $sql.'<br>';<br />   $this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink);<br />   //(!$this->rs||!is_resource($this->rs)) && fatal_error("execute the query unsuccessfully! error:".mysql_error());<br />   if(!$this->rs)fatal_error('在执行sql语句 '.$sql.' 时发生以下错误:'.mysql_error());<br />   return $this->rs;<br />  }</p> <p> function fetch_one($sql)<br />  {<br />   $this->rs=$this->query($sql);<br />   return dircms_stri<a target="_blank" href="/fw/photo.html">ps教程</a>lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc)));<br />  }</p> <p> function get_maxfield($filed='id',$table) // 获取$table表中$filed字段的最大值<br />  {<br />   $r=$this->fetch_one("select {$table}.{$filed} from `{$table}` order by `{$table}`.`{$filed}` desc limit 0,1");<br />   return $r[$filed];<br />  }</p> <p> function fetch_all($sql)<br />  {<br />   $this->rs=$this->query($sql);<br />   $result=array();<br />   while($rows=mysql_fetch_array($this->rs,mysql_assoc))<br />   {<br />    $result[]=$rows;<br />   }<br />   <br />   mysql_free_result($this->rs);<br />   return dircms_stripslashes($this->filter_pass($result)); <br />  }</p> <p> function fetch_all_withkey($sql,$key='id')<br />  {<br />   $this->rs=$this->query($sql);<br />   $result=array();<br />   while($rows=mysql_fetch_array($this->rs,mysql_assoc))<br />   {<br />    $result[$rows[$key]]=$rows;<br />   }<br />   <br />   mysql_free_result($this->rs);<br />   return dircms_stripslashes($this->filter_pass($result)); <br />  }</p> <p> function last_insert_id()<br />  {<br />   if(($insertid=mysql_insert_id($this->dblink))>0)return $insertid;<br />   else //如果 auto_increment 的列的类型是 bigint,则 mysql_insert_id() 返回的值将不正确.<br />   {<br />    $result=$this->fetch_one('select last_insert_id() as insertid');<br />    return $result['insertid'];<br />   }<br />  }</p> <p> function insert($tbname,$varray,$replace=false)<br />  {<br />   $varray=$this->escape($varray);<br />   $tb_fields=$this->get_fields($tbname); // mb.111com.net 升级一下,增加判断字段是否存在<br />   <br />   foreach($varray as $key => $value)<br />   {<br />    if(in_array($key,$tb_fields))<br />    {<br />     $fileds[]='`'.$key.'`';<br />     $values[]=is_string($value)?'''.$value.''':$value;<br />    }<br />   }</p> <p>  if($fileds)<br />   {<br />    $fileds=implode(',',$fileds);<br />    $fileds=str_replace(''','`',$fileds);<br />    $values=implode(',',$values);<br />    $sql=$replace?"replace into {$tbname}({$fileds}) values ({$values})":"insert into {$tbname}({$fileds}) values ({$values})";<br />    $this->query($sql,true);<br />    return $this->last_insert_id();<br />   }<br />   else return false;<br />  }</p> <p> function update($tbname, $array, $where = '')<br />  {<br />   $array=$this->escape($array);<br />   if($where)<br />   {<br />    $tb_fields=$this->get_fields($tbname); // www.111com.net,增加判断字段是否存在<br />    <br />    $sql = '';<br />    foreach($array as $k=>$v)<br />    {<br />     if(in_array($k,$tb_fields))<br />     {<br />      $k=str_replace(''','',$k);<br />      $sql .= ", `$k`='$v'";<br />     }<br />    }<br />    $sql = substr($sql, 1);<br />    <br />    if($sql)$sql = "update `$tbname` set $sql where $where";<br />    else return true;<br />   }<br />   else<br />   {<br />    $sql = "replace into `$tbname`(`".implode('`,`', array_keys($array))."`) values('".implode("','", $array)."')";<br />   }<br />   return $this->query($sql,true);<br />  }<br />  <br />  function mysql_delete($tbname,$idarray,$filedname='id')<br />  {<br />   $idwhere=is_array($idarray)?implode(',',$idarray):intval($idarray);<br />   $where=is_array($idarray)?"{$tbname}.{$filedname} in ({$idwhere})":" {$tbname}.{$filedname}={$idwhere}";</p> <p>  return $this->query("delete from {$tbname} where {$where}",true);<br />  }</p> <p> function get_fields($table)<br />  {<br />   $fields=array();<br />   $result=$this->fetch_all("show columns from `{$table}`");<br />   foreach($result as $val)<br />   {<br />    $fields[]=$val['field'];<br />   }<br />   return $fields;<br />  }</p> <p> function get_table_status($database)<br />  {<br />   $status=array();<br />   $r=$this->fetch_all("show table status from `".$database."`"); /////// show table status的性质与show table类似,不过,可以提供每个表的大量信息。<br />   foreach($r as $v)<br />   {<br />    $status[]=$v;<br />   }<br />   return $status;<br />  }</p> <p> function get_one_table_status($table)<br />  {<br />   return $this->fetch_one("show table status like '$table'");<br />  }</p> <p> function create_fields($tbname,$fieldname,$size=0,$type='varchar') // 2010-5-14 修正一下<br />  {  <br />   if($size)<br />   {<br />    $size=strtoupper($type)=='varchar'?$size:8;<br />    $this->query("alter table `{$tbname}` add `$fieldname` {$type}( {$size} )  not null",true);<br />   }<br />   else $this->query("alter table `{$tbname}` add `$fieldname` mediumtext  not null",true);<br />   return true;<br />  }</p> <p> function get_tables() //获取所有表表名<br />  {<br />   $tables=array();<br />   $r=$this->fetch_all("show tables");<br />   foreach($r as $v)<br />   {<br />    foreach($v as $v_)<br />    {<br />     $tables[]=$v_;<br />    }<br />   }<br />   return $tables;<br />  }</p> <p> function create_model_table($tbname) //创建一个内容模型表(start:初始只有字段contentid int(20),用于内容表,/////////////////////// update:2010-5-20     默认加入`content` mediumtext not null,字段)<br />  {<br />   if(in_array($tbname,$this->get_tables())) return false;  ///////////////////// 当表名已经存在时,返回 false<br />   if($this->query("create table `{$tbname}` (<br /> `contentid` mediumint(8) not null ,<br /> `content` mediumtext not null,<br /> key ( `contentid` ) <br /> ) engine = myisam default charset=utf8",true))return true;   ////////////////////  成功则返回 true<br />   return false; //////////////失败返回 false<br />  }</p> <p> function create_table($tbname) //创建一个会员模型空表(初始只有字段userid int(20),用于会员表,2010-4-26)<br />  {<br />   if(in_array($tbname,$this->get_tables())) return false;<br />   if($this->query("create table `{$tbname}` (<br /> `userid` mediumint(8) not null ,<br /> key ( `userid` ) <br /> ) engine = myisam default charset=utf8",true))return true;<br />   return false;<br />  }</p> <p> function escape($str) // 过滤危险字符<br />  {<br />   if(!is_array($str)) return str_replace(array('n', 'r'), array(chr(10), chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace, $str), $this->dblink));<br />   foreach($str as $key=>$val) $str[$key] = $this->escape($val);<br />   return $str;<br />  }</p> <p> function filter_pass($string, $allowedtags = '', $disabledattributes = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavaible', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragdrop', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterupdate', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmoveout', 'onmou<a target="_blank" href="/seo/seo.html">seo教程</a>ver', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'))<br />  {<br />   if(is_array($string))<br />   {<br />    foreach($string as $key => $val) $string[$key] = $this->filter_pass($val, allowed_htmltags);<br />   }<br />   else<br />   {<br />    $string = preg_replace('/s('.implode('|', $disabledattributes).').*?([s>])/', '', preg_replace('/<(.*?)>/ie', "'<'.preg_replace(array('/<a target="_blank" href="/js_a/js.html">网页特效</a>:[^"']*/i', '/(".implode('|', $disabledattributes).")[ ]*=[ ]*["'][^"']*["']/i', '/s+/'), array('', '', ' '), stripslashes('')) . '>'", strip_tags($string, $allowedtags)));<br />   }<br />   return $string;<br />  }</p> <p> function drop_table($tbname)<br />  {<br />   return $this->query("drop table if exists `{$tbname}`",true);<br />  }</p> <p> function version()<br />  {<br />   return mysql_get_server_info($this->dblink);<br />  }<br /> }</p></td> </tr> </table> <div class="articles"> <div class="tit02"> <h4>相关文章</h4> </div> <ul> <li> <a target="_blank" href="/new/464449.htm">地狱即我们战斗怎么攻击 攻击与能量获取指南​</a> <span>09-17</span> </li> <li> <a target="_blank" href="/new/464450.htm">禁闭求生2蜗牛壳头盔怎么做 蜗牛壳头盔制作攻略</a> <span>09-17</span> </li> <li> <a target="_blank" href="/new/464451.htm">地狱即我们战斗怎么招架 招架与防守反击技巧指南​</a> <span>09-17</span> </li> <li> <a target="_blank" href="/new/464452.htm">无主之地4全宣传大喇叭收集攻略 宣传大喇叭位置一览</a> <span>09-17</span> </li> <li> <a target="_blank" href="/new/464453.htm">禁闭求生2蟑螂套有什么 蟑螂套护甲制作大全</a> <span>09-17</span> </li> <li> <a target="_blank" href="/new/464454.htm">无主之地4圣城宣传大喇叭在哪 圣城宣传大喇叭收集攻略</a> <span>09-17</span> </li> </ul> </div> </div> <div class="pages art-detail"></div> </div> </div> </div> </div> <div class="hot-column"> <div class="cont"> <div class="tit"> <h4>热门栏目</h4> </div> <ul class="clearfix"> <li> <h6><a href="/list-1/" target="_blank">php教程</a></h6> <a href="/list-45/" target="_blank">php入门</a> <a href="/list-46/" target="_blank">php安全</a> <a href="/list-47/" target="_blank">php安装</a> <a href="/list-48/" target="_blank">php常用代码</a> <a href="/list-49/" target="_blank">php高级应用</a> </li> <li> <h6><a href="/list-2/" target="_blank">asp.net教程</a></h6> <a href="/list-78/" target="_blank">基础入门</a> <a href="/list-79/" target="_blank">.Net开发</a> <a href="/list-80/" target="_blank">C语言</a> <a href="/list-81/" target="_blank">VB.Net语言</a> <a href="/list-82/" target="_blank">WebService</a> </li> <li> <h6><a href="/list-6/" target="_blank">手机开发</a></h6> <a href="/list-208/" target="_blank">安卓教程</a> <a href="/list-209/" target="_blank">ios7教程</a> <a href="/list-210/" target="_blank">Windows Phone</a> <a href="/list-211/" target="_blank">Windows Mobile</a> <a href="/list-212/" target="_blank">手机常见问题</a> </li> <li> <h6><a href="/list-3/" target="_blank">css教程</a></h6> <a href="/list-99/" target="_blank">CSS入门</a> <a href="/list-100/" target="_blank">常用代码</a> <a href="/list-101/" target="_blank">经典案例</a> <a href="/list-102/" target="_blank">样式布局</a> <a href="/list-103/" target="_blank">高级应用</a> </li> <li> <h6><a href="/list-4/" target="_blank">网页制作</a></h6> <a href="/list-136/" target="_blank">设计基础</a> <a href="/list-137/" target="_blank">Dreamweaver</a> <a href="/list-138/" target="_blank">Frontpage</a> <a href="/list-139/" target="_blank">js教程</a> <a href="/list-140/" target="_blank">XNL/XSLT</a> </li> <li> <h6><a href="/list-7/" target="_blank">办公数码</a></h6> <a href="/list-236/" target="_blank">word</a> <a href="/list-237/" target="_blank">excel</a> <a href="/list-238/" target="_blank">powerpoint</a> <a href="/list-239/" target="_blank">金山WPS</a> <a href="/list-240/" target="_blank">电脑新手</a> </li> <li> <h6><a href="/list-11/" target="_blank">jsp教程</a></h6> <a href="/list-68/" target="_blank">Application与Applet</a> <a href="/list-69/" target="_blank">J2EE/EJB/服务器</a> <a href="/list-70/" target="_blank">J2ME开发</a> <a href="/list-71/" target="_blank">Java基础</a> <a href="/list-72/" target="_blank">Java技巧及代码</a> </li> </ul> </div> </div> <div class="footer"> <div class="cont"> <p> <a href="/" target="_self">一聚教程网</a>| <a href="javascript:;" class="about" target="_self">关于我们</a>| <a href="javascript:;" class="contact" target="_self">联系我们</a>| <a href="javascript:;" class="gg_contact" target="_self">广告合作</a>| <a href="javascript:;" class="friend_link" target="_self">友情链接</a>| <a href="javascript:;" class="copyright_notice" target="_self">版权声明</a> </p> <p> <span>copyRight@2007-2022 www.111CN.NET AII Right Reserved <a href="https://beian.miit.gov.cn/" target="_blank" class="beian"></a></span> </p> <p> <span> 网站内容来自网络整理或网友投稿如有侵权行为请邮件:111cn.com@163.com 我们24小时内处理 </span> </p> </div> </div> <script> var advData = {"img_fixed_pc_adv":"https:\/\/img.111cn.net\/uploads\/20240509\/663c2e9729f58.jpg","img_fixed_mob_adv":"https:\/\/img.111cn.net\/uploads\/20240509\/663c2e8793225.jpg","url_adv":"http:\/\/shop.hushen.cn\/shop\/c\/baojianpin.html","str_adv":"\u864e\u795e\u5546\u57ce\uff1a\u5173\u7231\u7537\u6027\uff0c\u66f4\u61c2\u7537\u4eba\u3002\u89e3\u51b3\u5927\u4f17\u7684\u7537\u8a00\u4e4b\u9690","img_popup_adv":"https:\/\/img.111cn.net\/uploads\/20240509\/663c2e748238d.png","pc_show_img":"2","pc_show_popup":"2","pc_show_video":"2","mob_show_img":"2","mob_show_popup":"2","mob_show_video":"2","close_adv":"https:\/\/img.111cn.net\/uploads\/20240508\/663b20650801e.png","video_adv":"\/pc\/images\/pc-adv.mp4"}; </script> <script src="/jspc/func.js" type="text/javascript"></script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-DSRRGRV1TL"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-DSRRGRV1TL'); </script><script src="/js/stat.js"></script> <script src="/111/js/shCore.js"></script> <script src="/111/js/shAutoloader.js"></script> <script type="text/javascript"> function path() { var args = arguments, result = []; for (var i = 0; i < args.length; i++) result.push(args[i].replace('$', '/111/js/')); return result } $(function() { SyntaxHighlighter.autoloader.apply(null, path( 'applescript $shBrushAppleScript.js', 'css $shBrushCss.js', 'java $shBrushJava.js', 'js jscript javascript $shBrushJScript.js', 'php $shBrushPhp.js', 'py python $shBrushPython.js', 'ruby rails ror rb $shBrushRuby.js', 'sass scss $shBrushSass.js', 'sql $shBrushSql.js', 'vb vbnet $shBrushVb.js', 'xml xhtml xslt html $shBrushXml.js' )); SyntaxHighlighter.all(); }); hljs.highlightAll(); </script> </body> </html>