/firstrend/src/core/class/db.class.php
- <?php
- // +----------------------------------------------------------------------
- // | ?????????? (Build on ThinkPHP)
- // +----------------------------------------------------------------------
- // | Copyright (c) 2011 http://fanwe.com All rights reserved.
- // +----------------------------------------------------------------------
-
- /**
- * Static database facade: assembles SQL strings and delegates execution to the driver object returned by FDB::object().
- *
- * @package class
- * @author awfigq <awfigq@qq.com>
- */
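class FDB
{
    /*
     * Security notes for maintainers (everything below is visible in this file):
     *
     *  - Every statement is assembled by string interpolation. Nothing in this
     *    class quotes or escapes values: implodeFieldValue() and createIN() wrap
     *    values in single quotes verbatim (and field names in backticks verbatim),
     *    and raw string $condition / $limit arguments are spliced into the
     *    statement as-is. Escaping is the caller's job; passing request data
     *    through here unescaped is SQL injection.
     *  - checkQuery() computes a verdict via _doQuerySafe() but does not act on
     *    it (the halt call was commented out), so the keyword filter configured
     *    under $_FANWE['config']['security']['query'] currently blocks nothing.
     *  - delete() and update() turn an empty() condition into "WHERE 1", i.e. the
     *    whole table. Note that the string '0' is empty().
     *  - object() instantiates whatever class name it is given, and the first
     *    call's choice is cached for the rest of the request.
     *
     * All methods are declared static because this file itself invokes them as
     * FDB::method(); PHP 8 raises an Error for static calls to instance methods.
     * Instance-style calls ($fdb->method()) keep working.
     */

    /**
     * Returns the shared driver instance, creating it on first use.
     *
     * The object is cached in a function-static, so the $dbclass passed to the
     * FIRST call wins; later calls return the same object and ignore their
     * argument. $dbclass is instantiated by name without validation — never
     * derive it from untrusted input.
     *
     * @access public
     * @param string $dbclass driver class name (defaults to FDbMySql, defined elsewhere)
     * @return object the cached driver instance (returned by reference)
     */
    public static function &object($dbclass = 'FDbMySql')
    {
        static $db;
        if (empty($db)) {
            $db = new $dbclass();
        }
        return $db;
    }

    /**
     * Resolves a logical table name through the driver's tableName().
     * The result is used unquoted in the statements built below.
     *
     * @access public
     * @param string $table logical table name
     * @return string
     */
    public static function table($table)
    {
        return FDB::_execute('tableName', $table);
    }

    /**
     * Deletes rows: DELETE FROM <table> WHERE <condition> [LIMIT n].
     *
     * An empty() $condition deletes the whole table ("WHERE 1"). An array
     * condition becomes `k`='v' pairs joined by AND with the values unescaped;
     * a string condition is used verbatim. $limit is interpolated as given and
     * must come from trusted code.
     *
     * @access public
     * @param string $table      logical table name
     * @param mixed  $condition  array of field => value, raw WHERE string, or empty
     * @param int    $limit      LIMIT value; 0 (default) means no LIMIT clause
     * @param bool   $unbuffered accepted for interface compatibility but not
     *                           forwarded: the original passed '' to query() for
     *                           both branches, and that is preserved here
     * @return mixed whatever the driver's query() returns
     */
    public static function delete($table, $condition, $limit = 0, $unbuffered = true)
    {
        if (empty($condition)) {
            $where = '1';
        } elseif (is_array($condition)) {
            $where = FDB::implodeFieldValue($condition, ' AND ');
        } else {
            $where = $condition;
        }

        $sql = "DELETE FROM " . FDB::table($table) . " WHERE $where " . ($limit ? "LIMIT $limit" : '');
        return FDB::query($sql, '');
    }

    /**
     * Inserts one row: INSERT INTO (or REPLACE INTO) <table> SET `k`='v', ...
     *
     * Values are interpolated unescaped (see implodeFieldValue). An empty $data
     * yields "INSERT INTO t SET " with no assignments, which the server will
     * reject.
     *
     * @access public
     * @param string $table            logical table name
     * @param array  $data             field => value assignments
     * @param bool   $return_insert_id when true, return insertId() instead of the query result
     * @param bool   $replace          use REPLACE INTO instead of INSERT INTO
     * @param bool   $silent           forwards the mode string 'SILENT' to query();
     *                                 its meaning is defined by the driver
     * @return mixed query result, or the new id when $return_insert_id is set
     */
    public static function insert($table, $data, $return_insert_id = false, $replace = false, $silent = false)
    {
        $assignments = FDB::implodeFieldValue($data);
        $cmd = $replace ? 'REPLACE INTO' : 'INSERT INTO';
        $tableName = FDB::table($table);
        $mode = $silent ? 'SILENT' : '';
        $result = FDB::query("$cmd $tableName SET $assignments", $mode);
        return $return_insert_id ? FDB::insertId() : $result;
    }

    /**
     * Updates rows: UPDATE [LOW_PRIORITY] <table> SET ... WHERE <condition>.
     *
     * Same condition semantics as delete(): empty() means every row, an array
     * becomes unescaped `k`='v' pairs joined by AND, a string is used verbatim.
     *
     * @access public
     * @param string $table        logical table name
     * @param array  $data         field => value assignments (values unescaped)
     * @param mixed  $condition    array, raw WHERE string, or empty
     * @param bool   $unbuffered   forwards the mode string 'UNBUFFERED' to query()
     * @param bool   $low_priority emit the LOW_PRIORITY modifier
     * @return mixed whatever the driver's query() returns
     */
    public static function update($table, $data, $condition, $unbuffered = false, $low_priority = false)
    {
        $assignments = FDB::implodeFieldValue($data);
        $cmd = 'UPDATE ' . ($low_priority ? 'LOW_PRIORITY' : '');
        $tableName = FDB::table($table);

        if (empty($condition)) {
            $where = '1';
        } elseif (is_array($condition)) {
            $where = FDB::implodeFieldValue($condition, ' AND ');
        } else {
            $where = $condition;
        }

        return FDB::query("$cmd $tableName SET $assignments WHERE $where", $unbuffered ? 'UNBUFFERED' : '');
    }

    /**
     * Renders field => value pairs as `field`='value' fragments joined by $glue.
     *
     * THIS IS THE INJECTION POINT OF THE CLASS: keys and values are interpolated
     * byte-for-byte with no escaping, so a value containing a single quote (or a
     * key containing a backtick) breaks out of its literal. Only pass values that
     * have already been escaped for the connection's charset.
     *
     * @access public
     * @param array  $array field => value pairs
     * @param string $glue  separator between pairs (',' for SET lists, ' AND ' for WHERE)
     * @return string empty string for an empty array
     */
    public static function implodeFieldValue($array, $glue = ',')
    {
        $fragments = array();
        foreach ($array as $field => $value) {
            $fragments[] = "`$field`='$value'";
        }
        return implode($glue, $fragments);
    }

    /**
     * Returns the auto-increment id of the last INSERT, via the driver.
     *
     * @return mixed
     */
    public static function insertId()
    {
        return FDB::_execute('insertId');
    }

    /**
     * Fetches one row from a result handle via the driver's fetchArray().
     *
     * @access public
     * @param resource $resourceid result handle
     * @param int      $type       row format; the default MYSQL_ASSOC is a constant of
     *                             the legacy ext/mysql extension and is undefined on
     *                             PHP 7+ unless something else defines it — verify
     *                             before relying on the default
     * @return array
     */
    public static function fetch($resourceid, $type = MYSQL_ASSOC)
    {
        return FDB::_execute('fetchArray', $resourceid, $type);
    }

    /**
     * Runs a statement and returns its first row.
     *
     * @access public
     * @param string $sql complete statement (not escaped or parameterized here)
     * @return array
     */
    public static function fetchFirst($sql)
    {
        FDB::checkQuery($sql);
        return FDB::_execute('fetchFirst', $sql);
    }

    /**
     * Runs a statement and returns all rows.
     *
     * @access public
     * @param string $sql complete statement (not escaped or parameterized here)
     * @return array
     */
    public static function fetchAll($sql)
    {
        FDB::checkQuery($sql);
        return FDB::_execute('fetchAll', $sql);
    }

    /**
     * Returns a single value from a result handle via the driver's result().
     *
     * @access public
     * @param resource   $resourceid result handle
     * @param int|string $row        row/column selector passed through to the driver; default 0
     * @return mixed
     */
    public static function result($resourceid, $row = 0)
    {
        return FDB::_execute('result', $resourceid, $row);
    }

    /**
     * Runs a statement and returns the first value of the first row.
     *
     * @access public
     * @param string $sql complete statement (not escaped or parameterized here)
     * @return mixed
     */
    public static function resultFirst($sql)
    {
        FDB::checkQuery($sql);
        return FDB::_execute('resultFirst', $sql);
    }

    /**
     * Executes a statement through the driver.
     *
     * checkQuery() is invoked first but never rejects anything (see its note).
     *
     * @access public
     * @param string $sql  complete statement
     * @param string $type driver mode string; values used in this file are '',
     *                     'SILENT' and 'UNBUFFERED'
     * @return mixed whatever the driver's query() returns
     */
    public static function query($sql, $type = '')
    {
        FDB::checkQuery($sql);
        return FDB::_execute('query', $sql, $type);
    }

    /**
     * Number of rows in a SELECT result handle.
     *
     * @access public
     * @param resource $resourceid result handle
     * @return int
     */
    public static function numRows($resourceid)
    {
        return FDB::_execute('numRows', $resourceid);
    }

    /**
     * Rows affected by the last INSERT/UPDATE/DELETE.
     *
     * @return int
     */
    public static function affectedRows()
    {
        return FDB::_execute('affectedRows');
    }

    /**
     * Releases a result handle.
     *
     * @param resource $resourceid result handle
     * @return bool
     */
    public static function freeResult($resourceid)
    {
        return FDB::_execute('freeResult', $resourceid);
    }

    /**
     * Builds an "<field> IN ('a','b') " fragment.
     *
     * A non-array $item_list is split on commas; duplicates and empty strings
     * are dropped. When nothing remains the fragment is "<field> IN ('') ", which
     * matches no row (unless a row actually stores ''). Items are quoted but NOT
     * escaped — an item containing a single quote breaks out of the list.
     *
     * @access public
     * @param mixed  $item_list  array of values, or a comma-separated string
     * @param string $field_name column name emitted verbatim before IN
     * @return string
     */
    public static function createIN($item_list, $field_name = '')
    {
        if (empty($item_list)) {
            return $field_name . " IN ('') ";
        }

        if (!is_array($item_list)) {
            $item_list = explode(',', $item_list);
        }

        $quoted = array();
        foreach (array_unique($item_list) as $item) {
            if ($item !== '') {
                $quoted[] = "'$item'";
            }
        }

        if (empty($quoted)) {
            return $field_name . " IN ('') ";
        }
        return $field_name . ' IN (' . implode(',', $quoted) . ') ';
    }

    /**
     * Last driver error message.
     *
     * @return mixed
     */
    public static function error()
    {
        return FDB::_execute('error');
    }

    /**
     * Last driver error code.
     *
     * @return mixed
     */
    public static function errno()
    {
        return FDB::_execute('errno');
    }

    /**
     * Dispatches a call to the shared driver instance.
     *
     * The driver method is always invoked with exactly two arguments; callers
     * that pass fewer deliver '' for the rest. $cmd is a literal everywhere in
     * this file — keep it that way, since it selects a method by name.
     *
     * @access private
     * @param string $cmd  driver method name
     * @param mixed  $arg1 first argument
     * @param mixed  $arg2 second argument
     * @return mixed
     */
    private static function _execute($cmd, $arg1 = '', $arg2 = '')
    {
        static $db;
        if (empty($db)) {
            $db = & FDB::object();
        }
        return $db->$cmd($arg1, $arg2);
    }

    /**
     * Runs the configured statement filter on DML/SELECT statements.
     *
     * Enabled by $_FANWE['config']['security']['query']['status'] (read once
     * per request). The leading keyword is taken up to the first space; a
     * statement with no space yields '' and is skipped.
     *
     * NOTE(review): the verdict from _doQuerySafe() is computed and then
     * discarded. The enforcement call, FDB::_execute('halt', 'security_error',
     * $sql) on a result below 1, was commented out upstream, so this method
     * always returns true and blocks nothing. Re-enable it deliberately, after
     * checking for false positives, if the filter is meant to be a control.
     *
     * @access private
     * @param string $sql complete statement
     * @return bool always true
     */
    private static function checkQuery($sql)
    {
        static $status = null, $checkcmd = array('SELECT', 'UPDATE', 'INSERT', 'REPLACE', 'DELETE');

        global $_FANWE;

        if ($status === null) {
            $status = $_FANWE['config']['security']['query']['status'];
        }

        if ($status) {
            $cmd = trim(strtoupper(substr($sql, 0, strpos($sql, ' '))));
            if (in_array($cmd, $checkcmd, true)) {
                FDB::_doQuerySafe($sql);
            }
        }
        return true;
    }

    /**
     * Heuristic substring blacklist over a statement.
     *
     * Steps: (1) strip escaped quotes and '' so quoted contents can be removed;
     * (2) drop the contents of quoted strings and SQL comments — by regex when
     * no comment marker is present, otherwise with a character scanner that
     * keeps the quote/comment markers themselves; (3) lowercase and keep only
     * [a-z0-9_-()#*\/"]; (4) when 'fullnote' is set, strip empty block
     * comments; then substring-match the configured 'action' list, the
     * "like0x" pattern (when 'likehex' is set) and the 'note' list.
     *
     * Returns int 1 when nothing matched, otherwise the string '-3' (action),
     * '-2' (like0x) or '-4' (note). The 'function' list in the config is not
     * consulted (that check is disabled). This is a blacklist, not a parser —
     * treat it as defence in depth, never as the SQL-injection control.
     *
     * Changes from the previous revision: the "-- " comment sentinel was
     * compared against '--' at the newline case and so never terminated, which
     * hid everything after the first "-- " from the scan — it now closes at the
     * newline like '#' does; the '/*' lookahead no longer reads one byte past
     * the end of the string; the like0x test uses strpos() !== false.
     *
     * @access private
     * @param string $sql complete statement
     * @return int|string 1 when clean, otherwise a negative code as a string
     */
    private static function _doQuerySafe($sql)
    {
        static $_CONFIG = null;

        global $_FANWE;

        if ($_CONFIG === null) {
            $_CONFIG = $_FANWE['config']['security']['query'];
        }

        $sql = str_replace(array('\\\\', '\\\'', '\\"', '\'\''), '', $sql);
        $mark = $clean = '';
        if (strpos($sql, '/') === false && strpos($sql, '#') === false && strpos($sql, '-- ') === false) {
            // No comment markers: quoted strings can be dropped by regex.
            $clean = preg_replace("/'(.+?)'/s", '', $sql);
        } else {
            $len = strlen($sql);
            for ($i = 0; $i < $len; $i++) {
                $ch = $sql[$i];
                switch ($ch) {
                    case '\'':
                        if (!$mark) {
                            $mark = '\'';
                            $clean .= $ch;
                        } elseif ($mark === '\'') {
                            $mark = ''; // closing quote is appended by the line after the switch
                        }
                        break;
                    case '/':
                        if (empty($mark) && $i + 1 < $len && $sql[$i + 1] === '*') {
                            $mark = '/*';
                            $clean .= $mark;
                            $i++;
                        } elseif ($mark === '/*' && $sql[$i - 1] === '*') {
                            $mark = '';
                            $clean .= '*';
                        }
                        break;
                    case '#':
                        if (empty($mark)) {
                            $mark = $ch;
                            $clean .= $ch;
                        }
                        break;
                    case "\n":
                        if ($mark === '#' || $mark === '-- ') {
                            $mark = '';
                        }
                        break;
                    case '-':
                        if (empty($mark) && substr($sql, $i, 3) === '-- ') {
                            $mark = '-- ';
                            $clean .= $mark;
                        }
                        break;
                    default:
                        break;
                }
                // Outside any quote/comment the character survives; inside, it is dropped.
                $clean .= $mark ? '' : $ch;
            }
        }

        $clean = preg_replace("/[^a-z0-9_\-\(\)#\*\/\"]+/is", "", strtolower($clean));

        if ($_CONFIG['fullnote']) {
            $clean = str_replace('/**/', '', $clean);
        }

        // The 'function' blacklist from the config is intentionally not applied here.

        if (is_array($_CONFIG['action'])) {
            foreach ($_CONFIG['action'] as $action) {
                if (strpos($clean, $action) !== false) {
                    return '-3';
                }
            }
        }

        if ($_CONFIG['likehex'] && strpos($clean, 'like0x') !== false) {
            return '-2';
        }

        if (is_array($_CONFIG['note'])) {
            foreach ($_CONFIG['note'] as $note) {
                if (strpos($clean, $note) !== false) {
                    return '-4';
                }
            }
        }

        return 1;
    }
}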
- ?>