www.gusucode.com > SDCMS三合一企业网站管理系统PHP源码程序 > SDCMS三合一企业网站管理系统/sdcms_swhy_v1.7/sdcms_swhy_v1.7/上传本目录中文件/app/lib/class/sdcms_db.php
<?php /** * 作用:数据库 * 官网:Http://www.sdcms.cn * 作者:IT平民 * =========================================================================== * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和使用; * 未经授权不允许对程序代码以任何形式任何目的的再发布。 * =========================================================================== **/ final class sdcms_db { public $conn; public $newid; public $sql; public $prefix='sd_'; public function __construct($db) { try { $this->conn=new PDO('mysql:host='.$db['DB_HOST'].';port='.$db['DB_PORT'].';dbname='.$db['DB_BASE'].'',$db['DB_USER'],$db['DB_PASS']); $this->conn->exec("set names 'UTF8'"); $this->prefix=$db['DB_PREFIX']; } catch(PDOException $e) { die($e->getMessage()); } } public function __destruct() { $this->conn=null; } public function query($sql) { $GLOBALS['query']+=1; $sql=str_replace('sd_',$this->prefix,$sql); $sql=str_replace('%s',$this->prefix,$sql); $db=$this->conn->query($sql); if($this->conn->errorCode()=='00000') { return $db; } else { #写错误日志 $error=$this->conn->errorInfo(); $str="Sql:$sql<br>日期:".date('Y-m-d H:i:s')."<br>详细:".$error[2]."<br>Url:".THIS_LOCAL."<br>IP:".getip().""; file_put_contents('app/lib/log/'.date('Y-m-d-H-i-s').'.txt',$str); $arr=['state'=>'error','msg'=>'SQL错误,详细请查阅日志']; echo json_encode($arr,JSON_UNESCAPED_UNICODE); die(); } } public function total($sql) { if(!$sql){$sql=$this->sql;} return $this->conn->query($sql)->rowCount(); } public function count($sql) { $array=$this->query($sql)->fetch(PDO::FETCH_NUM); return $array[0]; } public function load($sql) { #echo $sql.'<br>'; $array=[]; $this->sql=$sql; $result=$this->query($sql); while($data=$result->fetch(PDO::FETCH_ASSOC)) { $array[]=$data; } unset($result); return $array; } public function row($sql) { $result=$this->query($sql); if($result) { return $result->fetch(PDO::FETCH_ASSOC); } else { return false; } } public function getkeylist($id,$table,$join,$where,$order,$begin,$end,$way=0) { $str=$where; if($way==1) { $order=str_replace("desc","asc",$order); } $sql="select $id from $table $join $where $order limit $begin,$end"; $data_id=$this->load($sql); if (count($data_id)>0) { foreach ($data_id as $key=>$val) { $data_id[$key]=$val[$id]; } $str="where $id in(".implode(',',$data_id).")"; } return $str; } public function add($table,$array) { $field=array_keys($array); $value=array_values($array); array_walk($field,array($this,'add_special_char')); array_walk($value,array($this,'escape_string')); $field=implode(',',$field); $value=implode(',',$value); $result=$this->query("insert into $table ($field) values ($value)"); $this->newid=$this->conn->lastInsertId(); return $result; } public function update($table,$where,$array) { $where=!isempty($where)?'where '.$where:''; $field=''; foreach($array as $key=>$value) { $field[]=$this->add_special_char($key).'='.$this->escape_string($value); } $field=implode(',',$field); return $this->query("update $table set $field $where"); } public function del($table,$where) { $where=!isempty($where)?'where '.$where:''; return $this->query("delete from $table $where"); } public function load_field($field,$table,$where,$data='') { $where=!isempty($where)?'where '.$where:''; $sql="select $field from $table $where limit 1"; $rs=$this->row($sql); if($rs) { return $rs[$field]; } else { return $data; } } public function add_special_char(&$value) { if('*'==$value||false!==strpos($value, '(') || false !== strpos($value, '.') || false !== strpos ( $value, '`')) { #不处理包含* 或者 使用了sql方法。 } else { $value='`'.trim($value).'`'; } if(preg_match("/\b(select|insert|update|delete)\b/i", $value)) { $value=preg_replace("/\b(select|insert|update|delete)\b/i",'',$value); } return $value; } public function escape_string(&$value,$key='',$quotation=1) { if($quotation) { $q='\''; } else { $q=''; } $value=$q.$value.$q; return $value; } }