I wrote a PHP program and hope to optimize its running efficiency and security (anti-injection). Are all kinds of tricks welcome?

Source: Internet
Author: User
Reply: The revolution has not yet succeeded, and comrades still need to work hard. A lot of code is not actually used. This program can be optimized to be very short.
Let's take a look at a DB class I wrote earlier, for reference. Let's learn from each other.

The scalar and find methods in the middle have some problems; please help me sort them out. In addition, the earlier inserts, updates, and deletes all took arrays. This version lets me use native SQL; you can also change it back to arrays.
Please take a look and offer your criticism and corrections.


<?php
// NOTE: the page's copy of this class starts mid-way through getInstance().
// The class header, the property declarations and the first half of
// getInstance() below are reconstructed so that the code parses; the class
// name "Db" and the shape of $config (host, dbname, username, password,
// charset, timeout) are assumptions, not the original author's names.
class Db
{
    /** @var \PDO|null shared PDO connection */
    private static $db_instance = null;

    /** @var array|null last PDO errorInfo(), or null after a successful query */
    private static $_error = null;

    /** @var array connection settings (reconstructed; keys are assumed) */
    public static $config = [
        'host'     => '127.0.0.1',
        'dbname'   => '',
        'username' => '',
        'password' => '',
        'charset'  => 'utf8mb4',
        'timeout'  => 5,
    ];

    /**
     * Create the PDO connection once and reuse it
     */
    public static function getInstance()
    {
        if (self::$db_instance === null) {
            $config = self::$config;
            $dsn = 'mysql:host=' . $config['host'] . ';dbname=' . $config['dbname'];
            self::$db_instance = new \PDO($dsn, $config['username'], $config['password'], [
                \PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES ' . $config['charset'],
                \PDO::ATTR_TIMEOUT            => $config['timeout'],
            ]);
        }
        return self::$db_instance;
    }

    /**
     * Query a scalar value
     * @param string $sql    SQL statement to execute
     * @param array  $params values for the ? placeholders in $sql; an empty array if there are none
     */
    public static function scalar($sql, $params = [])
    {
        $data = self::selectQuery('scalar', $sql, $params);
        // Note: empty() also treats 0 and '0' as empty, so a scalar of 0 comes back as ''
        if (!empty($data[0])) {
            return $data[0];
        }
        return '';
    }

    /**
     * Query a single column
     * @param string $sql    SQL statement to execute
     * @param array  $params values for the ? placeholders in $sql; an empty array if there are none
     */
    public static function column($sql, $params = [])
    {
        return self::selectQuery('column', $sql, $params);
    }

    /**
     * Query one row
     * Returns the first row only; the original returned the whole result set.
     */
    public static function find($sql, $params = [])
    {
        $result = self::selectQuery('find', $sql, $params);
        if (empty($result[0])) {
            return [];
        }
        return $result[0];
    }

    /**
     * Query multiple rows
     */
    public static function all($sql, $params = [])
    {
        return self::selectQuery('all', $sql, $params);
    }

    /**
     * Run a SELECT through a prepared statement
     */
    private static function selectQuery($type, $sql, $params)
    {
        $instanceStatement = self::getInstance()->prepare($sql);
        $result = $instanceStatement->execute($params);
        if ($result === false) {   // the original used '=' (assignment) here
            self::$_error = $instanceStatement->errorInfo();
            return false;
        }
        self::$_error = null;
        switch ($type) {
            case 'column':   // one column of data
            case 'scalar':
                return $instanceStatement->fetchAll(\PDO::FETCH_COLUMN);
            case 'find':     // one row (the original had the typo 'found' here)
            case 'all':      // all rows
            default:
                return $instanceStatement->fetchAll(\PDO::FETCH_ASSOC);
        }
    }

    /**
     * Insert one row
     * @param string $sql    SQL statement
     * @param array  $params values to insert
     */
    public static function insert($sql, $params = [])
    {
        return self::executeQuery('insert', $sql, $params);
    }

    /**
     * Update data
     */
    public static function update($sql, $params = [])
    {
        return self::executeQuery('update', $sql, $params);
    }

    /**
     * Run an INSERT / UPDATE / DELETE through a prepared statement
     * @param string $type   insert, update or delete
     * @param string $sql    SQL statement to execute
     * @param array  $params values for the ? placeholders, in order: [field1, field2, ...]
     */
    private static function executeQuery($type, $sql, $params)
    {
        $instanceStatement = self::getInstance()->prepare($sql);   // initialize
        $result = $instanceStatement->execute($params);
        if ($result === false) {
            self::$_error = $instanceStatement->errorInfo();
            return false;
        }
        self::$_error = null;   // clear the previous error message
        if ($type === 'insert') {
            // Experimental (not necessarily correct, highly risky)
            return self::getInstance()->lastInsertId() + $instanceStatement->rowCount() - 1;
        }
        return $instanceStatement->rowCount();
    }

    /**
     * Get the last error message
     */
    public static function error()
    {
        return self::$_error;
    }

    /**
     * Drop the connection
     */
    public static function clear()
    {
        self::$db_instance = null;
    }
}
?>
You're welcome.

Spicy chicken from start to end.

This is a big hole that can be exploited at any time. Use prepared statements, bro.

-> The arrays() method is very orz, from naming to implementation. When others call this method, their mood is probably similar to eating stool.

The connection method is not properly reentrant, and the conn object is also drunk when it is created repeatedly.

Put the parameter initialization in the constructor. It depends on a global variable.

Class name is ugly.

$this->result = mysql_query("$query",$this->conn);  
It is recommended that you refer to the Yii framework or Laravel to see how their database encapsulation works. The methods you wrote can only be considered a lot of redundant PHP code.
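To make the "use prepared statements" advice above concrete, here is an added example that is not code from this thread or from the posted DB class. It places the string-building pattern the reviewer quotes (`mysql_query("$query", ...)`) beside the `?`-placeholder approach that the posted PDO class relies on, and adds the one case placeholders do not cover: identifiers such as ORDER BY columns, which have to come from a fixed allowlist. It uses PDO with an in-memory SQLite database so it runs offline; the table, rows and function names are constructed for the example.

```php
<?php
// Added example (not code from the thread). Shows the vulnerable pattern the
// reviewer quotes next to a prepared-statement version, using an in-memory
// SQLite database; the users table and its rows are constructed here.

// --- The pattern the reviewer objects to -----------------------------------
// $query is assembled from request input, so the input becomes part of the
// SQL text: whatever the user typed is parsed as SQL, not treated as a value.
function vulnerable_lookup(string $username): string
{
    $query = "SELECT id, email FROM users WHERE name = '" . $username . "'";
    // $this->result = mysql_query("$query", $this->conn);  // mysql_* was removed in PHP 7
    return $query;   // returned only so the difference in SQL text is visible
}

// --- Prepared statement: SQL text is fixed, values travel separately --------
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,  // fail loudly instead of returning false
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
    foreach ([['alice', 'alice@example.test'], ["o'brien", 'ob@example.test']] as $row) {
        $ins->execute($row);   // the quote in o'brien needs no escaping: it is data, not SQL
    }
    return $pdo;
}

function safe_lookup(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE name = ?');
    $stmt->execute([$username]);   // compared literally, quotes and keywords included
    return $stmt->fetchAll();
}

// Placeholders only cover values. Identifiers (columns, tables, ASC/DESC)
// must be chosen from a fixed allowlist, never spliced in from input.
function safe_list(PDO $pdo, string $orderBy, string $dir): array
{
    $columns = ['id' => 'id', 'name' => 'name'];   // sortable columns
    $dirs    = ['asc' => 'ASC', 'desc' => 'DESC'];
    $dirKey  = strtolower($dir);
    if (!isset($columns[$orderBy]) || !isset($dirs[$dirKey])) {
        throw new InvalidArgumentException('unsupported sort');
    }
    $sql = 'SELECT name FROM users ORDER BY ' . $columns[$orderBy] . ' ' . $dirs[$dirKey];
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = connect();
echo vulnerable_lookup("o'brien"), PHP_EOL;      // the quote lands inside the SQL text
var_dump(safe_lookup($pdo, "o'brien"));           // one row: [['id' => 2, 'email' => 'ob@example.test']]
var_dump(safe_list($pdo, 'name', 'desc'));        // ["o'brien", 'alice']
```

Against MySQL, also pass `PDO::ATTR_EMULATE_PREPARES => false` in the constructor options so the server prepares the statement and the values never pass through client-side quoting; the posted class already sends `SET NAMES`, which keeps the connection charset and the driver's idea of it in agreement.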
