一款简单实用的php操作mysql数据库类

本文实例讲述了一款简单实用的php操作mysql数据库类。分享给大家供大家参考。具体如下：

复制代码 代码如下:/* 本款数据库连接类，他会自动加载sql防注入功能，过滤一些敏感的sql查询关键词，同时还可以增加判断字段 show table status的性质与show table类 获取数据库所有表名等。*/ @ini_set("mysql.trace_mode","off"); class mysql { public $dblink;  public $pconnect;  private $search = array("/union(s*(/*.**/)?s*)+select/i", "/load_file(s*(/*.**/)?s*)+(/i", "/into(s*(/*.**/)?s*)+outfile/i");  private $replace = array("union   select", "load_file   (", "into   outfile");  private $rs;   function __construct($hostname,$username,$userpwd,$database,$pconnect=false,$charset="utf8")  {   define("allowed_htmltags", "<html><embed><title><meta><body><a><p><br><hr><h1><h2><h3><h4><h5><h6><font><u><i><b><strong><div><span><ol><ul><li><img><table><tr><td><map>");    $this->pconnect=$pconnect;   $this->dblink=$pconnect?mysql_pconnect($hostname,$username,$userpwd):mysql_connect($hostname,$username,$userpwd);   (!$this->dblink||!is_resource($this->dblink)) && fatal_error("connect to the database unsuccessfully!");   @mysql_unbuffered_query("set names {$charset}");   if($this->version()>"5.0.1")   {    @mysql_unbuffered_query("set sql_mode = """);   }   @mysql_select_db($database) or fatal_error("can not select table!");   return $this->dblink;  }   function query($sql,$unbuffered=false)  {   //echo $sql."<br>";   $this->rs=$unbuffered?mysql_unbuffered_query($sql,$this->dblink):mysql_query($sql,$this->dblink);   //(!$this->rs||!is_resource($this->rs)) && fatal_error("execute the query unsuccessfully! error:".mysql_error());   if(!$this->rs)fatal_error("在执行sql语句 ".$sql." 时发生以下错误:".mysql_error());   return $this->rs;  }   function fetch_one($sql)  {   $this->rs=$this->query($sql);   return dircms_strips教程lashes($this->filter_pass(mysql_fetch_array($this->rs,mysql_assoc)));  }   function get_maxfield($filed="id",$table) // 获取$table表中$filed字段的最大值  {   $r=$this->fetch_one("select {$table}.{$filed} from `{$table}` order by `{$table}`.`{$filed}` desc limit 0,1");   return $r[$filed];  }   function fetch_all($sql)  {   $this->rs=$this->query($sql);   $result=array();   while($rows=mysql_fetch_array($this->rs,mysql_assoc))   {    $result[]=$rows;   }      mysql_free_result($this->rs);   return dircms_stripslashes($this->filter_pass($result));   }   function fetch_all_withkey($sql,$key="id")  {   $this->rs=$this->query($sql);   $result=array();   while($rows=mysql_fetch_array($this->rs,mysql_assoc))   {    $result[$rows[$key]]=$rows;   }      mysql_free_result($this->rs);   return dircms_stripslashes($this->filter_pass($result));   }   function last_insert_id()  {   if(($insertid=mysql_insert_id($this->dblink))>0)return $insertid;   else //如果 auto_increment 的列的类型是 bigint，则 mysql_insert_id() 返回的值将不正确.   {    $result=$this->fetch_one("select last_insert_id() as insertid");    return $result["insertid"];   }  }   function insert($tbname,$varray,$replace=false)  {   $varray=$this->escape($varray);   $tb_fields=$this->get_fields($tbname); // 升级一下，增加判断字段是否存在      foreach($varray as $key => $value)   {    if(in_array($key,$tb_fields))    {     $fileds[]="`".$key."`";     $values[]=is_string($value)?""".$value.""":$value;    }   }    if($fileds)   {    $fileds=implode(",",$fileds);    $fileds=str_replace(""","`",$fileds);    $values=implode(",",$values);    $sql=$replace?"replace into {$tbname}({$fileds}) values ({$values})":"insert into {$tbname}({$fileds}) values ({$values})";    $this->query($sql,true);    return $this->last_insert_id();   }   else return false;  }   function update($tbname, $array, $where = "")  {   $array=$this->escape($array);   if($where)   {    $tb_fields=$this->get_fields($tbname); // 增加判断字段是否存在        $sql = "";    foreach($array as $k=>$v)    {     if(in_array($k,$tb_fields))     {      $k=str_replace(""","",$k);      $sql .= ", `$k`="$v"";     }    }    $sql = substr($sql, 1);        if($sql)$sql = "update `$tbname` set $sql where $where";    else return true;   }   else   {    $sql = "replace into `$tbname`(`".implode("`,`", array_keys($array))."`) values("".implode("","", $array)."")";   }   return $this->query($sql,true);  }    function mysql_delete($tbname,$idarray,$filedname="id")  {   $idwhere=is_array($idarray)?implode(",",$idarray):intval($idarray);   $where=is_array($idarray)?"{$tbname}.{$filedname} in ({$idwhere})":" {$tbname}.{$filedname}={$idwhere}";    return $this->query("delete from {$tbname} where {$where}",true);  }   function get_fields($table)  {   $fields=array();   $result=$this->fetch_all("show columns from `{$table}`");   foreach($result as $val)   {    $fields[]=$val["field"];   }   return $fields;  }   function get_table_status($database)  {   $status=array();   $r=$this->fetch_all("show table status from `".$database."`"); /////// show table status的性质与show table类似，不过，可以提供每个表的大量信息。   foreach($r as $v)   {    $status[]=$v;   }   return $status;  }   function get_one_table_status($table)  {   return $this->fetch_one("show table status like "$table"");  }   function create_fields($tbname,$fieldname,$size=0,$type="varchar") // 2010-5-14 修正一下  {     if($size)   {    $size=strtoupper($type)=="varchar"?$size:8;    $this->query("alter table `{$tbname}` add `$fieldname` {$type}( {$size} )  not null",true);   }   else $this->query("alter table `{$tbname}` add `$fieldname` mediumtext  not null",true);   return true;  }   function get_tables() //获取所有表表名  {   $tables=array();   $r=$this->fetch_all("show tables");   foreach($r as $v)   {    foreach($v as $v_)    {     $tables[]=$v_;    }   }   return $tables;  }   function create_model_table($tbname) //创建一个内容模型表（start：初始只有字段contentid int(20)，用于内容表，/////////////////////// update：2010-5-20     默认加入`content` mediumtext not null,字段）  {   if(in_array($tbname,$this->get_tables())) return false;  ///////////////////// 当表名已经存在时，返回 false   if($this->query("create table `{$tbname}` ( `contentid` mediumint(8) not null , `content` mediumtext not null, key ( `contentid` )  ) engine = myisam default charset=utf8",true))return true;   ////////////////////  成功则返回 true   return false; //////////////失败返回 false  }   function create_table($tbname) //创建一个会员模型空表（初始只有字段userid int(20)，用于会员表，2010-4-26）  {   if(in_array($tbname,$this->get_tables())) return false;   if($this->query("create table `{$tbname}` ( `userid` mediumint(8) not null , key ( `userid` )  ) engine = myisam default charset=utf8",true))return true;   return false;  }   function escape($str) // 过滤危险字符  {   if(!is_array($str)) return str_replace(array("n", "r"), array(chr(10), chr(13)),mysql_real_escape_string(preg_replace($this->search,$this->replace, $str), $this->dblink));   foreach($str as $key=>$val) $str[$key] = $this->escape($val);   return $str;  }   function filter_pass($string, $allowedtags = "", $disabledattributes = array("onabort", "onactivate", "onafterprint", "onafterupdate", "onbeforeactivate", "onbeforecopy", "onbeforecut", "onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste", "onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur", "onbounce", "oncellchange", "onchange", "onclick", "oncontextmenu", "oncontrolselect", "oncopy", "oncut", "ondataavaible", "ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate", "ondrag", "ondragdrop", "ondragend", "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop", "onerror", "onerrorupdate", "onfilterupdate", "onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp", "onkeydown", "onkeypress", "onkeyup", "onlayoutcomplete", "onload", "onlosecapture", "onmousedown", "onmouseenter", "onmouseleave", "onmousemove", "onmoveout", "onmouseo教程ver", "onmouseup", "onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste", "onpropertychange", "onreadystatechange", "onreset", "onresize", "onresizeend", "onresizestart", "onrowexit", "onrowsdelete", "onrowsinserted", "onscroll", "onselect", "onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit", "onunload"))  {   if(is_array($string))   {    foreach($string as $key => $val) $string[$key] = $this->filter_pass($val, allowed_htmltags);   }   else   {    $string = preg_replace("/s(".implode("|", $disabledattributes).").*?([s>])/", "", preg_replace("/<(.*?)>/ie", ""<".preg_replace(array("/网页特效:[^""]*/i", "/(".implode("|", $disabledattributes).")[ ]*=[ ]*[""][^""]*[""]/i", "/s+/"), array("", "", " "), stripslashes("
")) . ">"", strip_tags($string, $allowedtags)));   }   return $string;  }   function drop_table($tbname)  {   return $this->query("drop table if exists `{$tbname}`",true);  }   function version()  {   return mysql_get_server_info($this->dblink);  } }

希望本文所述对大家的PHP程序设计有所帮助。