|
 |
| |
แจก class mysqli พื้นฐาน สำหรับป้องกัน sql injection กับชุดคำสั่ง select insert , update , delete |
| |
 |
|
|
 |
 |
|
Code (PHP)
class hk_db{
public $db;
public $insert_id='';
public $affected_rows='';
public $statement='';
public function __construct( $host, $user, $psw,$dbname ){
$this->db=new mysqli( $host, $user, $psw,$dbname);
////////////////////////////////////////////////////////////////////////
if ($this->db->connect_errno) {
echo 'Connection failer<BR><a href="' . $PHP_SELF . '?' . $_SERVER ['QUERY_STRING'] . '">Refresh</a>';
exit ();
}
$this->db->query('SET NAMES utf8');
}
public function query( $qr ){
$qr=trim($qr); $this->statement = $qr;
$rs=$this->db->query($qr) or die( json_encode(array( 'type'=>'error', 'msg'=>$this->db->error , 'sql'=>$qr )));
if(preg_match('/^insert\s/i', $qr)) $this->insert_id=$this->db->insert_id;
else if( preg_match('/^update\s/i', $qr)) $this->affected_rows=$this->db->affected_rows;
else if( preg_match('/^delete\s/i', $qr)) $this->affected_rows=$this->db->affected_rows;
return $rs;
}
// Select ( tablename, array field, where )
public function select( $tb, $fld, $where ){
return $this->query('select ' .implode(',', $fld ) . ' from '. $tb . ' where '.$where );
}
// Insert ( tablename, array field )
public function insert( $tb, $fld ){
$this->query('insert into ' . $tb . ' ' . $this->str_query( $fld ) );
}
// Update ( tablename, array field, where )
public function update( $tb, $fld, $where ){
$this->query('update ' . $tb . ' ' . $this->str_query( $fld ) . ' where '.$where );
}
// Delete ( tablename, where )
public function delete( $tb, $where ){
$this->query('delete from ' . $tb . ' where '.$where );
}
// สร้าง field hexa
public function set_bin($fldName, $fldArray){
$t = $fldArray[$fldName]; $rs = $t>''? '0x'.bin2hex($t) : "''"; return " $fldName=$rs ";
}
// สร้าง field text
public function set_str($fldName, $fldArray){
$txt=$this->db->real_escape_string($fldArray[$fldName]);
return " $fldName = '$txt' ";
}
// field integer
public function set_int($fldName, $fldArray){
$t = $fldArray[$fldName]; $rs = (int)($t); return " $fldName=$rs ";
}
// field float / double
public function set_float($fldName, $fldArray){
$t = $fldArray[$fldName]; $rs = (float)($t); return " $fldName=$rs ";
}
// กรณีไม่รู้ว่า field type อะไร
public function set_fld($k, $ro){
$vl=$ro[$k];
if(preg_match('/^0x[0-9A-Za-z]+$/', $vl)) return "$k=$vl";
if(preg_match('/^[0-9]+\.[0-9]+$/', $vl)) return $this->set_float($k, $ro);
if(preg_match('/^[0-9]+$/', $vl)) return $this->set_int($k, $ro);
return $this->set_str($k, $ro);
}
// สร้าง set data
public function str_query($ro){
$qr = '';
foreach($ro as $k=>$vl){
$qr .= ($qr? ', ' : '') . $this->set_fld($k, $ro);
}
return ' set ' . $qr;
}
}
$hk = new hk_db('host', 'user', 'psw', 'db');
$hk->update(
'tablename',
array('field1'=>$_POST['field1'], 'field2'=>$_POST['field2']),
"fieldindex=1 and fielddata='blabla' "
);
เอาไปต่อยอดกันเองนะครับ แค่เป็นพื้นฐาน
Tag : PHP, MySQL
|
|
|
 |
 |
 |
 |
| Date :
2015-06-29 09:57:15 |
By :
Chaidhanan |
View :
4387 |
Reply :
8 |
|
 |
 |
 |
 |
|
|
|
|
 |
 |
|
 |
 |
| |
|
|
|
| |
|
 
|
| |
|
|
| |
| Date :
2015-06-29 09:58:50 |
By :
apisitp |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
เยี่ยมครับ
|
| |
|
|
| |
| Date :
2015-06-29 10:17:24 |
By :
mr.win |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
เยี่ยมมากครับ ขอบคุณครับ
|
| |
|
|
| |
| Date :
2015-08-04 14:21:27 |
By :
bigbird1983 |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
แจ๋วเลยครับ แต่เชื่อเถอะว่าเดี๋ยวก็จะยังมีกระทู้ mysql_function() มาอยู่ดี
|
| |
|
|
| |
| Date :
2015-08-04 15:37:24 |
By :
mr.v |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
นั่นซิ mysql function จะยังคงอยู่ไม่ต่ำกว่า 5 ปีครับ
|
| |
|
|
| |
| Date :
2015-08-04 15:39:08 |
By :
mr.win |
|
|
| |
|
|
|
|
|
| |
|
|
|
|
|
| |
|
 Load balance : Server 03
|
