Wrote a PHP program, hoping to optimize operational efficiency and security (anti-injection), welcome all kinds of tricks fly?

Source: Internet
Author: User
Tags rowcount scalar

Reply content:

The revolution has not yet succeeded, comrades still need to work hard. A lot of code doesn't actually work. This program can be optimized for a very short period of time.
You look at a DB class that I wrote earlier. See for yourself. All learn from each other.

There are some problems with the scalar and find methods in my middle. Ask someone to help answer it. There is an array of previous insertions, updates, and deletions, which allow me to use native SQL. You can also change the group.
Please help to see, criticize.

    <?php
    /**
     * MySQL database class using PDO.
     * Config is the poster's own configuration class; it is not shown on this page.
     */
    class DB
    {
        /** DB instance */
        private static $db_instance;

        /** Saved error message */
        private static $_error;

        /** Disable copying, for singleton mode */
        private function __clone() {}

        /** Prevent deserialization, for singleton mode */
        private function __wakeup() {}

        /** Prevent instantiation */
        private function __construct() {}

        /**
         * The database is instantiated here. If instantiation fails an error
         * is raised; I do not catch it.
         */
        private static function getInstance()
        {
            if (empty(self::$db_instance)) {
                $config = Config::get('db');
                self::$db_instance = new \PDO(
                    'mysql:host=' . $config['host'] . ';dbname=' . $config['database'] . ';port=' . $config['port'],
                    $config['username'],
                    $config['password'],
                    array(
                        \PDO::MYSQL_ATTR_INIT_COMMAND => 'set names ' . $config['charset'],
                        \PDO::ATTR_TIMEOUT => $config['timeout'],
                    )
                );
            }
            return self::$db_instance;
        }

        /**
         * Query scalar data.
         * @param string $sql    SQL statement to execute
         * @param array  $params values replacing the question marks in $sql; an empty array if there are none
         */
        public static function scalar($sql, $params = [])
        {
            $data = self::selectQuery('scalar', $sql, $params);
            // empty() also treats 0, '0' and '' as missing, so those values come back as ''.
            if (!empty($data[0])) {
                return $data[0];
            } else {
                return '';
            }
        }

        /**
         * Query single-column data.
         * @param string $sql    SQL statement to execute
         * @param array  $params values replacing the question marks in $sql; an empty array if there are none
         */
        public static function column($sql, $params = [])
        {
            return self::selectQuery('column', $sql, $params);
        }

        /** Query a row of records */
        public static function find($sql, $params = [])
        {
            $result = self::selectQuery('find', $sql, $params);
            if (empty($result[0])) {
                return [];
            }
            // This is the full fetchAll() result (a list of rows), not a single row.
            return $result;
        }

        /** Query multi-line records */
        public static function all($sql, $params = [])
        {
            return self::selectQuery('all', $sql, $params);
        }

        /** Query data */
        private static function selectQuery($type, $sql, $params)
        {
            self::getInstance();
            $instanceStatement = self::$db_instance->prepare($sql);
            $result = $instanceStatement->execute($params);
            if ($result === false) {
                self::$_error = $instanceStatement->errorInfo();
                return false;
            } else {
                self::$_error = null;
                switch ($type) {
                    case 'column': // gets a specified column of data
                    case 'scalar':
                        return $instanceStatement->fetchAll(\PDO::FETCH_COLUMN);
                    case 'find': // gets the specified row of data
                    case 'all':  // gets all data
                    default:
                        return $instanceStatement->fetchAll(\PDO::FETCH_ASSOC);
                }
            }
        }

        /**
         * Insert single-line data.
         * @param string $sql    SQL statement to execute
         * @param array  $params the parameters to be inserted
         */
        public static function insert($sql, $params = [])
        {
            return self::executeQuery('insert', $sql, $params);
        }

        /** Update data */
        public static function update($sql, $params = [])
        {
            return self::executeQuery('update', $sql, $params);
        }

        /**
         * Update data.
         * @param string $type   insert, update or delete
         * @param string $sql    SQL statement to execute
         * @param array  $params data to substitute, in the format [field1, field2, ...]
         */
        private static function executeQuery($type, $sql, $params)
        {
            // Static like the query methods: the constructor is private, so there is no $this.
            self::getInstance(); // initialize
            $instanceStatement = self::$db_instance->prepare($sql);
            $result = $instanceStatement->execute($params);
            if ($result === false) {
                self::$_error = $instanceStatement->errorInfo();
                return false;
            } else {
                self::$_error = ''; // clears the last error message
                if ($type == 'insert') {
                    // test nature (not necessarily correct, very high risk)
                    return self::$db_instance->lastInsertId() + $instanceStatement->rowCount() - 1;
                } else {
                    return $instanceStatement->rowCount();
                }
            }
        }

        /** Get error messages */
        public static function error()
        {
            return self::$_error;
        }

        /** Eliminate the instance */
        public static function clear()
        {
            self::$db_instance = null;
        }
    }

Then I'll be rude.

Spicy chicken from the beginning to the end.

A good big hole, at any time by people explode. Use prepared statement, bro.

The ->arrays() method is very orz, from the naming to the implementation; when others call this method, their mood is probably almost like eating a stool.

The connection method did not handle the re-entry, causing the Conn object to be repeatedly created also drunk.

Parameter initialization put it in the constructor. Ah, depends on the global variable what ghost.

The class name is ugly and explosive.
$this->result = mysql_query("$query",$this->conn);  
I suggest the original poster look at how the Yii framework or Laravel do their database encapsulation; the methods you wrote can only be considered to black PHP, a lot of redundant code.
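
An added example, not part of any reply above and not the posters' code: it shows the prepared-statement approach the replies recommend, applied to array-based inserts. Values are bound through placeholders, and column names, which cannot be bound, are checked against an allow-list. `insertRow()`, the `users` table and the sample values are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. insertRow(), the users table and the sample values are
// hypothetical; SQLite replaces MySQL here only so the script runs offline.

/**
 * Build and run a parameterized INSERT from an associative array.
 * Values go through placeholders; column names cannot be bound, so they
 * are checked against an allow-list instead of being trusted.
 */
function insertRow(PDO $pdo, string $table, array $row, array $allowedColumns): int
{
    if ($row === []) {
        throw new InvalidArgumentException('no columns given');
    }
    foreach (array_keys($row) as $column) {
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException("column not allowed: $column");
        }
    }
    $columns = implode(', ', array_keys($row));
    $marks   = implode(', ', array_fill(0, count($row), '?'));
    // $table is chosen by the calling code, never taken from request input.
    $stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($marks)");
    $stmt->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed hostile value: concatenated into SQL, the quote would end the
// string literal; bound as a parameter it is stored as plain data.
$hostile = "x'); DROP TABLE users; --";
$id = insertRow($pdo, 'users', ['name' => $hostile, 'email' => 'a@example.com'], ['name', 'email']);

$stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
$stmt->execute([$id]);
var_dump($stmt->fetchColumn() === $hostile); // compares the stored value with the input

// A column name outside the allow-list is rejected before any SQL is built.
try {
    insertRow($pdo, 'users', ['name) VALUES (1); --' => 'x'], ['name', 'email']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```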