A simple PHP wrapper class for MySQL operations
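<?php
/*
 * Class name: model
 * Role:       connect to the database and execute SQL statements
 * Author:     Lim
 * Updated:    20170812
 *
 * checkSql() is a keyword blacklist adapted from the 80sec filter. It is a
 * coarse, bypassable tripwire and not a substitute for parameterised queries,
 * so Query() and Execute() accept an optional $params list and run the
 * statement as a prepared statement when it is given. Use that path for every
 * value that comes from outside the program.
 */
class model
{
    // The open mysqli connection (resource on PHP 5, mysqli object on PHP 8).
    private $link;

    /*
     * Open the database connection.
     * HOST, USER, PWD and DBNAME are constants the including script must
     * define (their exact spelling/case follows the project's definition).
     * Throws RuntimeException on failure instead of die() so callers can log
     * and handle the error.
     */
    public function __construct()
    {
        $link = mysqli_connect(HOST, USER, PWD, DBNAME);
        if (!$link) {
            throw new RuntimeException('Database connection Failed');
        }
        $this->link = $link;
        // Kept as in the original; switch to utf8mb4 if 4-byte characters must round-trip.
        mysqli_set_charset($this->link, 'UTF8');
    }

    /*
     * Function name: Query()
     * Purpose:       run a query and return its rows
     * Parameters:    $sql    - the SQL statement; use ? placeholders when $params is given
     *                $params - optional list of values bound positionally to the
     *                          placeholders (prepared statement). Empty = plain query.
     * Returns:       two-dimensional array of associative rows (empty array when the
     *                statement produced no result set). On a failed query the original
     *                contract is kept and the string "SQL Statement error = <sql>" is
     *                returned, so callers must test is_array() before iterating.
     * Throws:        RuntimeException from checkSql() when the statement is rejected.
     */
    public function Query($sql, array $params = [])
    {
        // The blacklist screen still runs; with $params it only ever sees the template.
        $sql = $this->checkSql($sql);

        if ($params === []) {
            $res = mysqli_query($this->link, $sql);
            if (!$res) {
                return "SQL Statement error = {$sql}";
            }
            // A non-SELECT statement yields true rather than a result set.
            return $res === true ? [] : $this->fetchAll($res);
        }

        $stmt = $this->prepareAndExecute($sql, $params);
        if ($stmt === false) {
            return "SQL Statement error = {$sql}";
        }
        // mysqli_stmt_get_result() requires the mysqlnd driver (the default since PHP 5.4).
        $res = mysqli_stmt_get_result($stmt);
        $list = $res ? $this->fetchAll($res) : [];
        mysqli_stmt_close($stmt);
        return $list;
    }

    /*
     * Function name: Execute()
     * Purpose:       run an INSERT / UPDATE / DELETE
     * Parameters:    $sql    - the SQL statement; use ? placeholders when $params is given
     *                $params - optional list of values bound positionally (prepared statement)
     * Returns:       the new AUTO_INCREMENT id after an INSERT that generated one,
     *                otherwise the number of affected rows. On failure the string
     *                "SQL Statement error = <sql>" is returned (original contract).
     * Throws:        RuntimeException from checkSql() when the statement is rejected.
     */
    public function Execute($sql, array $params = [])
    {
        $sql = $this->checkSql($sql, 'addupddel');

        if ($params === []) {
            if (!mysqli_query($this->link, $sql)) {
                return "SQL Statement error = {$sql}";
            }
            return $this->lastIdOrAffectedRows();
        }

        $stmt = $this->prepareAndExecute($sql, $params);
        if ($stmt === false) {
            return "SQL Statement error = {$sql}";
        }
        // Read the connection-level counters before the statement handle is released.
        $result = $this->lastIdOrAffectedRows();
        mysqli_stmt_close($stmt);
        return $result;
    }

    // Result of the last statement: insert id when one was generated, else affected rows.
    private function lastIdOrAffectedRows()
    {
        $id = mysqli_insert_id($this->link);
        return $id ? $id : mysqli_affected_rows($this->link);
    }

    // Drain a mysqli result into a list of associative rows and free it.
    private function fetchAll($res)
    {
        $list = [];
        while ($row = mysqli_fetch_assoc($res)) {
            $list[] = $row;
        }
        mysqli_free_result($res);
        return $list;
    }

    /*
     * Prepare $sql, bind $params positionally and execute.
     * Bind types are derived from the PHP values: int -> i, float -> d, anything
     * else (including null) -> s. Returns the executed mysqli_stmt, or false when
     * preparing, binding or executing failed.
     */
    private function prepareAndExecute($sql, array $params)
    {
        $stmt = mysqli_prepare($this->link, $sql);
        if (!$stmt) {
            return false;
        }
        $types = '';
        foreach ($params as $value) {
            $types .= is_int($value) ? 'i' : (is_float($value) ? 'd' : 's');
        }
        // bind_param takes its values by reference; unpacking a list satisfies that.
        $values = array_values($params);
        if (!mysqli_stmt_bind_param($stmt, $types, ...$values) || !mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return false;
        }
        return $stmt;
    }

    /*
     * Function name: checkSql()
     * Purpose:       SQL keyword filter adapted from 80sec. Single-quoted literals
     *                are replaced by a marker, whitespace and case are normalised,
     *                and the remainder is searched for constructs that ordinary
     *                application SQL does not contain. It is a heuristic blacklist,
     *                not a parser: use $params (prepared statements) for any
     *                externally supplied value and treat this as a last-resort check.
     * Parameters:    $sql       - the statement to inspect
     *                $querytype - 'select' enables the extra first-stage keyword screen;
     *                             any other value (e.g. 'addupddel') skips that stage
     * Returns:       $sql unchanged when it passes
     * Throws:        RuntimeException when a blacklisted construct is found (replaces the
     *                original die(), so the caller can log the rejected statement)
     */
    private function checkSql($sql, $querytype = 'select')
    {
        $clean = '';
        $error = '';
        $pos = -1;
        $oldPos = 0;

        // Stage 1 (plain queries only): a blacklisted keyword delimited by separators.
        // The 80sec pattern is case-insensitive (/i); stage 2 lowercases anyway.
        if ($querytype == 'select') {
            $pattern = '/[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}/i';
            if (preg_match($pattern, $sql)) {
                throw new RuntimeException('SQL is illegal! (keyword detect)');
            }
        }

        // Stage 2: replace every single-quoted literal (honouring backslash escapes)
        // with $s$ so keywords inside legitimate string values are not flagged.
        while (true) {
            $pos = strpos($sql, "'", $pos + 1);
            if ($pos === false) {
                break;
            }
            $clean .= substr($sql, $oldPos, $pos - $oldPos);
            // Walk to the closing quote, stepping over any backslash-escaped character.
            while (true) {
                $pos1 = strpos($sql, "'", $pos + 1);
                $pos2 = strpos($sql, '\\', $pos + 1);
                if ($pos1 === false) {
                    break;
                } elseif ($pos2 === false || $pos2 > $pos1) {
                    $pos = $pos1;
                    break;
                }
                $pos = $pos2 + 1;
            }
            $clean .= '$s$';
            $oldPos = $pos + 1;
        }
        $clean .= substr($sql, $oldPos);
        $clean = trim(strtolower(preg_replace('~\s+~s', ' ', $clean)));

        $fail = false;
        // Old MySQL lacked UNION and ordinary programs rarely use it, but attackers do.
        if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0) {
            $fail = true;
            $error = 'union detect';
        } elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, '#') !== false) {
            // Release code seldom carries --, # or /* comments (a /* inside the first
            // three characters is tolerated, as in the original filter).
            $fail = true;
            $error = 'comment detect';
        } elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0) {
            // Time-based and file functions are never used by this application.
            $fail = true;
            $error = 'slow down detect';
        } elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0) {
            $fail = true;
            $error = 'slow down detect';
        } elseif (strpos($clean, 'load_file') !== false && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0) {
            $fail = true;
            $error = 'file fun detect';
        } elseif (strpos($clean, 'into outfile') !== false && preg_match('~(^|[^a-z])into\s+outfile($|[^[a-z])~s', $clean) != 0) {
            $fail = true;
            $error = 'file fun detect';
        } elseif (preg_match('~\([^)]*?select~s', $clean) != 0) {
            // Subqueries are unused by this application but useful for data exfiltration.
            $fail = true;
            $error = 'sub select detect';
        }

        if ($fail) {
            throw new RuntimeException('SQL Illegal!! (' . $error . ')');
        }
        return $sql;
    }
}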
PHP Database Classes