Using PHP's OOP feature to realize data protection

Source: Internet
Author: User
Tags contains count execution variables prepare string back variable visibility

In PHP 4, declaring a variable usually uses VAR, in PHP 5, you can use object-oriented programming (OOP) features to customize the visibility of data-accessibility, which is similar to the scope of the variable, but provides a better control mechanism with the following three types of visibility modifiers:

Public (default)--variables can be accessed or modified globally.
protected--variables can only be accessed or modified within the class itself and directly derived from (using the extends statement) class.
private--variables can only be accessed or modified within a class.

Like interface implementations, violating these rules in a program can cause serious errors, and, like interfaces, they exist purely for the convenience of programmers. However, this does not mean that you can ignore them, specify the visibility of a class member variable, and protect the data within the object from external influences.

Suppose there is a mysqldb class in which a $link variable is declared private, meaning that the variable can only be accessed from within the object using the $this variable, which prevents accidental overwriting of other objects or functions outside the class, We'll use the visibility feature to help us create a query object.

You can think of query as a separate entity that can execute and return results. Some database systems also have stored procedures that are similar to functions, store query statements, and accept the corresponding arguments when invoked, but MySQL does not provide similar functionality until version 5.1, and some other types of database management systems do not.

In this article, you will combine the two attributes above into the sample query object, which simulates a basic stored procedure and saves the result pointer internally. Currently, the focus is on executing query from the object, where you can invoke the query () function of the MySQLdb object.

You can define the following public function in the query object:

__construct ()--the constructor accepts a parameter that contains a reference to an instance of the DB interface object.

Prepare ()--function prepare () initializes the stored procedure for query. It may contain one or more limited placeholders that will be passed as arguments to the Execute () function. A placeholder is defined as a colon that is associated with the number of parameters followed by an integer and a letter related to the parameter type.

A simple query that contains placeholders looks like this:

SELECT col1,col2 from table_name WHERE col1=:1i
Execute ()--the function execute () executes query. If it is prematurely initialized to a stored procedure by the prepare () function, any parameters passed in are used as the execution parameters of the stored procedure, otherwise the first argument will only be used as the query text. The function execute () returns the result of executing the query.

Compile ()--function compile () is similar to the function execute (), in fact, query does not execute, but instead replaces all placeholders in the query string, accepts the parameters of the stored procedure, and returns the compiled version of query.

   Protected Members

As mentioned above, the concept of visibility can be used to hide the internal work of objects and to protect the data integrity required for internal work. As explained earlier, the result pointer returned by query will be saved as the protected property, where the protected member is used because a particular database query object derived from the query object may overload some core functionality.

   Deep Digging Code

Theory enough, now start writing code, first, create a template as shown in Example 1:

Example 1: A template for the database query class

Class Dbquery
{
/**
* Save a reference that implements the DB interface object.
*/
protected $db;

/**
* If it is a stored procedure, set to true.
*/
Protected $stored _procedure = false;

/**
* Save a query that deletes all the strings.
*/
Private $query;

/**
* Used to match quotes in SQL.
*/
private static $QUOTE _match = "/(". * (? db = $db;
}

Public function prepare ($query)
{
$this->stored_procedure = true;
}

Public function compile ($args)
{}

Public function execute ($query)
{}
}

   function Prepare

The first thing you need to do to use the template in Example 1 is to build the prepare () function to ensure that no quoted characters are accidentally parsed into placeholders, and that the function should remove all the strings in query and store them temporarily in an array. The string itself is also replaced by a placeholder, which is often recognized as a sequence of strings that should not appear in SQL statements. During query compilation, the process placeholder specifier is replaced first, then the string is put back in query, through the Preg_replace () function, and another helper callback function that serves as the preg_replace () function.

Example 2:prepare () function

/**
* Prepare query as a stored procedure.
* @param string $query Prepared query text
* @return void
*/
Public function prepare ($query)
{
$this->stored_procedure = true;
$this->quote_store = Array (); Clear Quotes
$this->query = Preg_replace (self:: $QUOTE _match, ' $this->sql_quote_replace ("1"?) 1 ": ' 2 ') ', $query);
}

Private Function Sql_quote_replace ($match)
{
$number = count ($this->query_strings);
$this->query_strings[] = $match;
Return "$| | $ $number ";
}
Notice the use of the static Quote_match property private, as well as the Quote_store property and the Sql_quote_replace () function. In contrast to protected, this definition of private makes sure that any subclass of the overloaded query class prepare () method uses its own mechanism to remove quotes.

   function Compile

The next step is to build the compile () and execute () functions.

function compile (), as shown in Example 3, features the following:

• The number of parameters accepted is variable (that is, a variable parameter) that matches the placeholder in query.

• Check that the placeholder is the correct data type and replace it with the value in the parameter.

• Returns query as a string, but does not execute it.

• If the query object is not initialized to a stored procedure using the Prepare () function, an exception is thrown.

Example 3:compile () function

/**
* Returns the compiled query, but does not execute it.
* @param mixed $args,... Query Parameters
* @return String Compiled Query
*/
Public function compile ($params)
{
if (! $this->stored_procedure) {
throw new Exception ("Stored procedure not initialized!") ");
}

/* Substitution Parameter * *
$params = Func_get_args (); Get function arguments
$query = Preg_replace ("/(? query);

return $this->add_strings ($query); Put the string back in query
}

/**
* Reinsert the string removed by the prepare () function.
*/
Private Function Add_strings ($string)
{
$numbers = Array_keys ($this->query_strings);
$count = count ($numbers);
$searches = Array ();
for ($x = 0; $x < $count; $x + +) {
$searches [$x] = "$| | ${$numbers [$x]} ";
}

Return Str_replace ($searches, $this->query_strings, $string);
}

/**
* Each execution, a placeholder is replaced in the stored procedure.
*/
protected function Compile_callback ($params, $index, $type)
{
--$index;

/* Throw an exception * *
if (! isset ($params [$index])) {
throw new Exception ("The number of parameters required for the stored procedure not received!") ");
}

/* You can add other types here, such as date and time. */
Switch ($type) {
Case ' S ':
Return ' "'. $this->db->escape_string ($params [$index]). '"';
Break
Case ' I ':
return (int) $params [$index];
Break
Case ' N ':
return (float) $params [$index];
Default
throw new Exception (the data type specified in the stored procedure ' $type ' is not recognized.) ");
}
}
The function compile () uses two additional functions, where the Compile_callback () function is used as a callback function in the Preg_replace () function call, each time a placeholder is found in query. and replace it with the value passed to the compile function, it is executed.

   function Execute

Finally, you need to build the function execute (), the function execute () compiles query and executes it using the DB object, which is used to initialize the Dbquery object. Notice in Example 4 how the function Call_user_func_array () is used to get the compiled query, and the reason for this is that the function execute () will not be able to determine the number of arguments passed to it until run time.

Example 4:execute () function

/**
*
* Executes the current query and replaces the placeholder with the supplied parameter.
*
* @param mixed $queryParams,... Query parameter
* @return Resource A reference to the resource representing the executed query.
*/
Public Function Execute ($queryParams = ')
{
For example: SELECT * from table WHERE name=:1s and Type=:2i and level=:3n
$args = Func_get_args ();

if ($this->stored_procedure) {
/* Call function Compile to get query/*
$query = Call_user_func_array (Array ($this, ' compile '), $args);
} else {
/* If the stored procedure is not initialized, execute it as standard query. */
$query = $queryParams;
}

$this->result = $this->db->query ($query);

return $this->result;
}
   all integrated.

To demonstrate how to use the query object, a small example is constructed that will use the Dbquery object as a stored procedure and check that the correct username and password are entered, see Example 5:

Example 5:

Require ' MYSQL_DB.PHP5 ';
Require_once ' QUERY2.PHP5 ';


$db = new MySQLdb;
$db->connect (' host ', ' username ', ' pass ');
$db->query (' use Content_management_system ');

$query = new Dbquery ($DB);

$query->prepare (' SELECT fname,sname from users WHERE username=:1s and pword=:2s and Expire_time<:3i ');

if ($result = $query->execute ("Visualad", "apron", Time ())) {
if ($db->num_rows ($result) = = 1) {
Echo (' The credentials are correct. ');
} else {
Echo (' credential is incorrect, session has expired. ');
}
} else {
Echo (' An error occurred while executing query: '. $db->error ());
}
In this article, you've seen how to use the access modifier private, protected, and public to protect data and restrict the visibility of data objects when declaring class variables, while in PHP 5 These concepts can also be used in other data classes to protect their important internal data.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.