珂珂的个人博客 - 一个程序猿的个人网站
自己写的一个pdo操作数据库类 全部用参数化的形式防止注入,还有根据数组自动生成sql 来执行新增和修改
<?php
if(stristr($_SERVER["PHP_SELF"],basename(__FILE__)))
{
exit('forbidden');
}
require_once 'IDbHelper.php';
class PdoHelper implements IDbHelper {
private $host;
private $user;
private $password;
private $dbname;
private $port;
private $charset;
private $pdo;
function __construct($host,$user,$password,$dbname,$port=3306,$charset="utf-8")
{
$this->host=$host;
$this->user=$user;
$this->password=$password;
$this->dbname=$dbname;
$this->port=$port;
$this->charset=$charset;
$this->init();
}
private function init()
{
if($this->pdo==null)
{
$_opts_values = array(PDO::ATTR_PERSISTENT=>true,PDO::ATTR_ERRMODE=>2,PDO::MYSQL_ATTR_INIT_COMMAND=>'SET NAMES utf8');
$this->pdo=new PDO("mysql:host=".$this->host.";port=".$this->port.";dbname=".$this->dbname,$this->user,$this->password,$_opts_values);
}
}
/* (non-PHPdoc)
* @see IDbHelper::query()
*/
public function query($sql,$arr=null) {
// TODO Auto-generated method stub
$this->init();
$stmt = $this->pdo->prepare ( $sql);
if($arr!=null)
{
foreach ($arr as $key=>$val)
{
$stmt->bindValue(":".$key,$val);
}
}
//执行
$result=$stmt->execute();
if ($stmt->errorCode() != '00000'){
print_r($stmt->errorInfo());
return null;
}
//获取数据
$result=$stmt->fetchAll();
$this->pdo=null;
return $result;
}
/* (non-PHPdoc)
* @see IDbHelper::getRow()
*/
public function getRow($sql,$arr=null) {
// TODO Auto-generated method stub
$result=$this->query($sql,$arr);
if($result)
{
return $result[0];
}
}
/* (non-PHPdoc)
* @see IDbHelper::getObject()
*/
public function getObject($sql,$arr=null) {
// TODO Auto-generated method stub
$result=$this->query($sql,$arr);
if($result)
{
return $result[0][0];
}
}
/* (non-PHPdoc)
* @see IDbHelper::exec()
*/
public function exec($sql,$arr=null) {
// TODO Auto-generated method stub
$this->init();
$stmt = $this->pdo->prepare ( $sql);
if($arr!=null)
{
foreach ($arr as $key=>$val)
{
$stmt->bindValue(":".$key,$val);
}
}
//执行
$count=$stmt->execute();
if ($stmt->errorCode() != '00000'){
print_r($stmt->errorInfo());
return null;
}
$this->pdo=null;
return $count;
}
public function data(){
$this->init();
return $this->pdo;
}
/* (non-PHPdoc)
* @see IDbHelper::Insert()
*/
function Insert($tableName, $arr)
{
$this->init();
$sql="insert into ".$tableName." (";
$col="";
$values="";
foreach ($arr as $key=>$val)
{
$col.=$key.",";
$values.=":".$key.",";
}
$col=rtrim($col,",");
$values=rtrim($values,",");
$sql=$sql.$col.") values (".$values.")";
$stmt = $this->pdo->prepare ( $sql );
foreach ($arr as $key=>$val)
{
$stmt->bindValue(":".$key,$val);
}
$count=$stmt->execute();
if ($stmt->errorCode() != '00000'){
print_r($stmt->errorInfo());
}
$this->pdo=null;
return $count;
}
/* (non-PHPdoc)
* @see IDbHelper::Update()
*/
function Update($tableName,$primary,$arr)
{
$sql="update ".$tableName." set ";
$col="";
foreach ($arr as $key=>$val)
{
if($key!=$primary)
{
$sql=$sql." ".$key."=:".$key.",";
}
}
$sql=rtrim($sql,",");
$sql=$sql." where ".$primary."=:".$primary."";
$stmt = $this->pdo->prepare ( $sql );
foreach ($arr as $key=>$val)
{
$stmt->bindValue(":".$key,$val);
}
$count=$stmt->execute();
if ($stmt->errorCode() != '00000'){
print_r($stmt->errorInfo());
}
$this->pdo=null;
return $count;
}
function __destruct()
{
$this->pdo=null;
}
}
?>用法如下
public function Insert($model) {
$db = \DbFactory::createIDbHelper ();
$ip = getIP ();
$ip = preg_replace ( "/,\s*10.\d+.\d+.\d+/", "", $ip );
if ($db->getObject ( "select count(*) from ipaddress where IP='" . $ip . "'" ) == 0) {
$html = file_get_contents ( "http://ip.taobao.com/service/getIpInfo.php?ip=" . $ip );
$json = json_decode ( $html );
$country = $json->data->country;
$city = $json->data->city;
$arr = array (
"id" => create_guid (),
"IP"=>$ip,
"Country" => $country,
"City" => $city,
"ADD_DATE" => date ( "y-m-d H:i:s" ),
"UPDATE_DATE" => date ( "y-m-d H:i:s" )
);
$db->Insert ( "ipaddress", $arr );
}
$model ["visitID"] = create_guid ();
$model ["visitIP"] = $ip;
$model ["ADD_DATE"] = date ( "y-m-d H:i:s" );
$model ["UPDATE_DATE"] = date ( "y-m-d H:i:s" );
$count = $db->Insert ( "visit", $model );
return $count;
}