inject.php

<?php
function inject_check($Sql_Str) {//自动过滤Sql的注入语句。
    $check=preg_match('/select|insert|update|delete|\'|\\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i',$Sql_Str);
    if ($check) {
        echo '<script language="JavaScript">alert("系统警告：\n\n请不要尝试在参数中包含非法字符尝试注入！");</script>';
        exit();
    }else{
        return $Sql_Str;
    }
}

/* echo "<pre>";
print_r ($_REQUEST); */
$string=implode(',',$_REQUEST);
//echo $string;

inject_check($string);

config.php

<?php
header("Content-Type: text/html;charset=utf-8");

/*防注入*/
require_once('inject.php');

/*mysql配置*/
$con = mysql_connect("localhost","root","root");
mysql_query("SET NAMES UTF8");
mysql_select_db("user", $con);

/*memcache配置*/
$mem = new Memcache();
$mem->connect("localhost",11211);
$m_time = 3;//缓存时间设置
    
/*一个动作对应一个sql语句*/    
$sql=array(
        "all"=>"select * from tables",
        "where"=>"select * from tables where id = {id}",
        "page"=>"select * from tables limit {a},{b}",
        "add"=>"INSERT INTO tables (one) VALUES ('{one}')"
    );
    
?>

index.php

<?php
    /*加载配置文件*/
    include("config.php");
    
    /*构造sql语句*/
    foreach ($sql as $key=>$value){
        if(@$_REQUEST['action']==$key){
            $a = str_replace("{","\".\$_REQUEST['",$value);
            $b = str_replace("}","'].\"",$a);
        }
    }   
    
    /*sql语句程序化*/
    eval("\$sql = \"".$b."\";");
    
    /*获取指定缓存*/
    $str = $mem->get(@$_REQUEST['action']);
    
    if($str==null){
        
        /*缓存不存在则查询数据库*/
        $result = mysql_query($sql);
        while(@$row = mysql_fetch_array($result)){
            $array[] = $row;
        }
        $data = json_encode($array);
        
        /*把查询到的数据放进缓存里*/
        $res = $mem->set(@$_REQUEST['action'],$data, MEMCACHE_COMPRESSED,$m_time);
        
        /*查询缓存里的数据*/
        $str = $mem->get(@$_REQUEST['action']);
        echo $str;
    
    }else{
        
        /*缓存存在则直接查询缓存*/
        echo $str;
        
    }

?>