防止sql 注入
function inject_check($sql_str){
$check= eregi('select|insert|update|delete|\'|\*|\.\.\/|union|into|load_file|outfile|and',$sql_str);
if($check){
echo"输入非法注入内容";
exit();
}else{
return ($sql_str);
}
}
public function Get_admin_msg($url, $show = '操作已成功!') {
$msg = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<link rel="stylesheet" href="css/common.css" type="text/css" />
<meta http-equiv="refresh" content="2; URL=' . $url . '" />
<title>管理区域</title>
</head>
<body>
<div id="man_zone">
<table width="30%" border="1" align="center" cellpadding="3" cellspacing="0" class="table" style="margin-top:100px;">
<tr>
<th align="center" style="background:#cef">信息提示</th>
</tr>
<tr>
<td><p>' . $show . '<br />
2秒后返回指定页面!<br />
如果浏览器无法跳转,<a href="' . $url . '">请点击此处</a>。</p></td>
</tr>
</table>
</div>
</body>
</html>';
echo $msg;
exit ();
}
对数据库进行增删改查
function select($fields,$table,$where='')
{
$data = explode(',',$fields);
$field = "`".implode('`,`',array_values($data))."`";
$sql=" SELECT $field";
$sql.=" FROM `$table` ";
$sql.=$where;
echo $sql;
$rs = mysql_query ( $sql );
$arr = array ();
$i=0;
while ( $row = mysql_fetch_array ( $rs ) ) {
$arr [$i] = $row;
$i ++;
}
return $arr;
}
$AA = select('id,username,password','user',"where `username`='lh'");
print_r($AA);
// 添加
// $table:表名
// $data:数据数组
//
function ins($table, $data)
{
$fields = "`".implode('`,`',array_keys($data))."`";
$values = "'".implode("','",array_values($data))."'";
$q = "INSERT INTO `$table` ($fields) VALUES ($values)";
//echo $q;
$res = mysql_query($q)OR die(mysql_error());
return $res;
}
// 修改
//$table:表名
// $data:数据数组
// $where:更新条件
function upd($table,$data,$where)
{
$keys=array_keys($data);
$values=array_values($data);
$set='';
$count=count($data);
for($i=0;$i<$count-1;$i++)
$set.="`$keys[$i]`='$values[$i]'".",";
$num = $count-1;
$set.="`$keys[$num]`='$values[$num]'";
$sql="UPDATE `$table` SET $set WHERE $where";
//echo $sql;
$res = mysql_query($sql)OR die(mysql_error());
return $res;
}
// 删除
// $table: 表名
// $where: 删除条件
function del($table,$where)
{
$sql = "DELETE FROM `$table` ";
$sql.=$where;
echo $sql;
$res = mysql_query($sql)OR die(mysql_error());
return $res;
}
function inject_check($sql_str){
$check= eregi('select|insert|update|delete|\'|\*|\.\.\/|union|into|load_file|outfile|and',$sql_str);
if($check){
echo"输入非法注入内容";
exit();
}else{
return ($sql_str);
}
}
public function Get_admin_msg($url, $show = '操作已成功!') {
$msg = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<link rel="stylesheet" href="css/common.css" type="text/css" />
<meta http-equiv="refresh" content="2; URL=' . $url . '" />
<title>管理区域</title>
</head>
<body>
<div id="man_zone">
<table width="30%" border="1" align="center" cellpadding="3" cellspacing="0" class="table" style="margin-top:100px;">
<tr>
<th align="center" style="background:#cef">信息提示</th>
</tr>
<tr>
<td><p>' . $show . '<br />
2秒后返回指定页面!<br />
如果浏览器无法跳转,<a href="' . $url . '">请点击此处</a>。</p></td>
</tr>
</table>
</div>
</body>
</html>';
echo $msg;
exit ();
}
对数据库进行增删改查
function select($fields,$table,$where='')
{
$data = explode(',',$fields);
$field = "`".implode('`,`',array_values($data))."`";
$sql=" SELECT $field";
$sql.=" FROM `$table` ";
$sql.=$where;
echo $sql;
$rs = mysql_query ( $sql );
$arr = array ();
$i=0;
while ( $row = mysql_fetch_array ( $rs ) ) {
$arr [$i] = $row;
$i ++;
}
return $arr;
}
$AA = select('id,username,password','user',"where `username`='lh'");
print_r($AA);
// 添加
// $table:表名
// $data:数据数组
//
function ins($table, $data)
{
$fields = "`".implode('`,`',array_keys($data))."`";
$values = "'".implode("','",array_values($data))."'";
$q = "INSERT INTO `$table` ($fields) VALUES ($values)";
//echo $q;
$res = mysql_query($q)OR die(mysql_error());
return $res;
}
// 修改
//$table:表名
// $data:数据数组
// $where:更新条件
function upd($table,$data,$where)
{
$keys=array_keys($data);
$values=array_values($data);
$set='';
$count=count($data);
for($i=0;$i<$count-1;$i++)
$set.="`$keys[$i]`='$values[$i]'".",";
$num = $count-1;
$set.="`$keys[$num]`='$values[$num]'";
$sql="UPDATE `$table` SET $set WHERE $where";
//echo $sql;
$res = mysql_query($sql)OR die(mysql_error());
return $res;
}
// 删除
// $table: 表名
// $where: 删除条件
function del($table,$where)
{
$sql = "DELETE FROM `$table` ";
$sql.=$where;
echo $sql;
$res = mysql_query($sql)OR die(mysql_error());
return $res;
}
扫一扫
965
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
