前言:PHP7+版本已經移除了mysql擴展,默認支持mysqli和PDO。相較mysqli來說,PDO支持更多的數據庫類型和預查詢安全功能是mysqli不具備的。
首先建立一個類文件MyPDO.php。
<?php
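/**
 * Thin PDO wrapper for MySQL that shares one connection per process.
 *
 * Every value supplied through an array ($data or $condition) is sent to the
 * server as a bound parameter and never becomes part of the SQL text.
 * Three things cannot be bound and are still interpolated into the statement:
 *   - table names and array keys (column names): checked against a strict
 *     identifier pattern, anything else raises InvalidArgumentException;
 *   - the $fields list: used verbatim;
 *   - string-form conditions / SET clauses: used verbatim.
 * The last two must only ever be constants written by the developer. Building
 * them from request data re-opens the injection hole that binding closes.
 */
class MyPDO {
    /** @var PDO|null Connection shared by every instance of this class. */
    private static $handler;

    /** @var int Fetch mode applied by row(), result() and safeQuery(). */
    private $fetchMode = PDO::FETCH_ASSOC;

    /**
     * Open the shared connection on first use; later instances reuse it and
     * their arguments are ignored.
     *
     * The defaults (root with an empty password on localhost) only suit a
     * local sandbox; real deployments should pass a least-privileged account.
     */
    public function __construct($host = '127.0.0.1', $username = 'root',
                                $passwd = '', $dbname = 'test') {
        if (!self::$handler) {
            self::$handler = new PDO(
                // The charset goes in the DSN so the driver itself knows the
                // connection encoding, rather than issuing SET NAMES afterwards.
                "mysql:host=$host;dbname=$dbname;charset=utf8",
                $username,
                $passwd,
                [
                    // A failed statement throws instead of returning false.
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    // Use server-side prepared statements: SQL text and
                    // values travel separately.
                    PDO::ATTR_EMULATE_PREPARES => false,
                ]
            );
        }
        // A constructor's return value is discarded, so nothing is returned.
    }

    /**
     * Insert one row.
     *
     * @param string $table Table name (identifier-checked).
     * @param array  $data  column => value pairs; values are bound.
     * @return string Auto-increment id of the inserted row.
     * @throws InvalidArgumentException On an empty $data or an invalid identifier.
     */
    public function insert($table, $data) {
        $table = self::identifier($table);
        if (!is_array($data) || !$data) {
            throw new InvalidArgumentException('insert() needs a non-empty array of column => value pairs');
        }
        $columns = [];
        foreach (array_keys($data) as $column) {
            $columns[] = self::identifier($column);
        }
        $marks = implode(', ', array_fill(0, count($columns), '?'));
        $sql = "INSERT INTO {$table} (" . implode(', ', $columns) . ") VALUES ({$marks})";
        $this->run($sql, array_values($data));
        return self::$handler->lastInsertId();
    }

    /**
     * Delete rows.
     *
     * @param string       $table     Table name (identifier-checked).
     * @param array|string $condition column => value pairs joined with AND
     *                                (values bound), or a raw WHERE clause
     *                                used verbatim.
     * @return int Number of affected rows.
     * @throws InvalidArgumentException On an empty array condition, so that a
     *                                  missing filter can never widen the delete.
     */
    public function delete($table, $condition) {
        $table = self::identifier($table);
        list($where, $params) = $this->buildClause($condition, 'AND');
        return $this->run("DELETE FROM {$table} WHERE {$where}", $params)->rowCount();
    }

    /**
     * Update rows.
     *
     * @param string       $table     Table name (identifier-checked).
     * @param array|string $data      column => value pairs (values bound), or
     *                                a raw SET clause used verbatim.
     * @param array|string $condition Same forms as in delete().
     * @return int Number of affected rows.
     */
    public function update($table, $data, $condition) {
        $table = self::identifier($table);
        list($set, $setParams) = $this->buildClause($data, ',');
        list($where, $whereParams) = $this->buildClause($condition, 'AND');
        // Positional placeholders: SET values come first, then WHERE values.
        $params = array_merge($setParams, $whereParams);
        return $this->run("UPDATE {$table} SET {$set} WHERE {$where}", $params)->rowCount();
    }

    /**
     * Choose how row(), result() and safeQuery() return rows. Until this is
     * called they return associative arrays.
     *
     * @param int $fetchMode A PDO::FETCH_* constant, e.g.
     *                       PDO::FETCH_ASSOC (2) for arrays or
     *                       PDO::FETCH_OBJ (5) for objects.
     */
    public function setAllFetchMode($fetchMode) {
        $this->fetchMode = $fetchMode;
    }

    /**
     * Fetch a single row.
     *
     * @param string       $table     Table name (identifier-checked).
     * @param array|string $condition Same forms as in delete().
     * @param string       $fields    Column list, interpolated verbatim.
     * @return mixed The row in the configured fetch mode, or false if none matched.
     */
    public function row($table, $condition, $fields = '*') {
        $table = self::identifier($table);
        list($where, $params) = $this->buildClause($condition, 'AND');
        $sql = "SELECT {$fields} FROM {$table} WHERE {$where} LIMIT 1";
        return $this->run($sql, $params)->fetch($this->fetchMode);
    }

    /**
     * Fetch every matching row.
     *
     * @param string       $table     Table name (identifier-checked).
     * @param array|string $condition Same forms as in delete().
     * @param string       $fields    Column list, interpolated verbatim.
     * @return array Rows in the configured fetch mode.
     */
    public function result($table, $condition, $fields = '*') {
        $table = self::identifier($table);
        list($where, $params) = $this->buildClause($condition, 'AND');
        $sql = "SELECT {$fields} FROM {$table} WHERE {$where}";
        return $this->run($sql, $params)->fetchAll($this->fetchMode);
    }

    /**
     * Same query as result(), but refuses raw string conditions so that no
     * caller-written SQL fragment can reach the WHERE clause.
     *
     * @param string $table     Table name (identifier-checked).
     * @param array  $condition column => value pairs joined with AND.
     * @param string $fields    Column list, interpolated verbatim.
     * @return array Rows in the configured fetch mode.
     * @throws InvalidArgumentException If $condition is not an array.
     */
    public function safeQuery($table, $condition, $fields = '*') {
        if (!is_array($condition)) {
            // Raised as an exception rather than exit() so the caller decides
            // how to fail; a library should not end the whole request.
            throw new InvalidArgumentException('條件必須是數組');
        }
        return $this->result($table, $condition, $fields);
    }

    /**
     * Turn column => value pairs into "col = ? <connector> col = ?" plus the
     * list of values to bind. A non-array argument is passed through as raw
     * SQL with nothing to bind.
     *
     * Placeholders are positional, so the SQL text contains nothing derived
     * from a value, and nothing from a key beyond a validated identifier.
     *
     * @return array Two elements: the SQL fragment and the values to bind.
     * @throws InvalidArgumentException On an empty array or an invalid key.
     */
    private function buildClause($data, $connector) {
        if (!is_array($data)) {
            return [(string) $data, []];
        }
        if (!$data) {
            throw new InvalidArgumentException('Empty column => value list');
        }
        $parts = [];
        $values = [];
        foreach ($data as $column => $value) {
            $parts[] = self::identifier($column) . ' = ?';
            $values[] = $value;
        }
        return [implode(" {$connector} ", $parts), $values];
    }

    /**
     * Accept only `name` or `qualifier.name` made of ASCII letters, digits and
     * underscores. Identifiers cannot be bound as parameters, so an allow-list
     * is the only way to keep them from carrying SQL.
     *
     * @throws InvalidArgumentException If $name does not match.
     */
    private static function identifier($name) {
        // /D stops "$" from matching just before a trailing newline.
        $pattern = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D';
        if (!is_string($name) || !preg_match($pattern, $name)) {
            // The rejected value is left out of the message on purpose: it
            // may be attacker-supplied and messages often end up in logs or pages.
            throw new InvalidArgumentException('Invalid SQL identifier');
        }
        return $name;
    }

    /**
     * Prepare and execute one statement with its bound values.
     *
     * @return PDOStatement The executed statement.
     */
    private function run($sql, array $params) {
        $sth = self::$handler->prepare($sql);
        $sth->execute($params);
        return $sth;
    }
}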
測試代碼
<?php
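// Autoload classes from this script's directory (MyPDO lives in MyPDO.php).
spl_autoload_register(function ($className) {
    // Only a plain class name is mapped to a file, so the name can never
    // steer the include outside this directory.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $className)) {
        return;
    }
    $file = __DIR__ . '/' . $className . '.php';
    // Stay silent when the file is absent so other autoloaders get a turn.
    if (is_file($file)) {
        require_once $file;
    }
});

$pdo = new MyPDO();

echo '插入id:'.$pdo->insert('users', ['name' => '紅辣椒']);
echo '<br>';
echo '插入id:'.$pdo->insert('users', ['name' => '孫悟空']);
echo '<br>';
echo '更新條數:'.$pdo->update('users', ['name' => '琦玉'], ['name' => '孫悟空']);
echo '<br>';

// Rows are printed unescaped below; that is acceptable only because this demo
// table holds fixed sample data.
echo '<pre>';
echo '單行:';
$row = $pdo->row('users', ['name' => '紅辣椒']);
print_r($row);

// The same value is passed to both calls. Where the query is built by
// interpolating the value into the SQL text, the quote characters make the
// WHERE clause always true and every row comes back; where the value is bound
// as a parameter it is compared literally and nothing matches.
echo '多行:被SQL注入的';
$result1 = $pdo->result('users',['name' => "1' or '1"]);
print_r($result1);
echo '多行:防SQL注入的';
$result2 = $pdo->safeQuery('users',['name' => "1' or '1"]);
print_r($result2);

// A string condition is sent as written, so it must be a developer-written
// constant like this one and never assembled from request data.
echo '刪除條數:'.$pdo->delete('users'," name = '紅辣椒'");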