<?phpclass mysql { private $db_host; private $db_user; private $db_pwd; private $db_database; private $conn; private $result; private $sql; private $row; private $coding; private $bulletin = true; private $show_error = false; private $is_error = false; public function __construct($db_host, $db_user, $db_pwd, $db_database, $conn, $coding) { $this->db_host = $db_host; $this->db_user = $db_user; $this->db_pwd = $db_pwd; $this->db_database = $db_database; $this->conn = $conn; $this->coding = $coding; $this->connect(); } public function connect() { if ($this->conn == "pconn") { $this->conn = mysql_pconnect($this->db_host, $this->db_user, $this->db_pwd); } else { $this->conn = mysql_connect($this->db_host, $this->db_user, $this->db_pwd); } if (!mysql_select_db($this->db_database, $this->conn)) { if ($this->show_error) { $this->show_error("数据库不可用:", $this->db_database); } } mysql_query("SET NAMES $this->coding"); } public function query($sql) { if ($sql == "") { $this->show_error("SQL语句错误:", "SQL查询语句为空"); } $this->sql = $sql; $result = mysql_query($this->sql, $this->conn); if (!$result) { if ($this->show_error) { $this->show_error("错误SQL语句:", $this->sql); } } else { $this->result = $result; } return $this->result; } public function create_database($database_name) { $database = $database_name; $sqlDatabase = 'create database ' . $database; $this->query($sqlDatabase); } public function show_databases() { $this->query("show databases"); echo "现有数据库:" . $amount = $this->db_num_rows($rs); echo "<br />"; $i = 1; while ($row = $this->fetch_array($rs)) { echo "$i $row[Database]"; echo "<br />"; $i++; } } public function databases() { $rsPtr = mysql_list_dbs($this->conn); $i = 0; $cnt = mysql_num_rows($rsPtr); while ($i < $cnt) { $rs[] = mysql_db_name($rsPtr, $i); $i++; } return $rs; } public function show_tables($database_name) { $this->query("show tables"); echo "现有数据库:" . $amount = $this->db_num_rows($rs); echo "<br />"; $i = 1; while ($row = $this->fetch_array($rs)) { $columnName = "Tables_in_" . $database_name; echo "$i $row[$columnName]"; echo "<br />"; $i++; } } public function mysql_result_li() { return mysql_result($str); } public function fetch_array($resultt="") { if($resultt<>""){ return mysql_fetch_array($resultt); }else{ return mysql_fetch_array($this->result); } } public function fetch_assoc() { return mysql_fetch_assoc($this->result); } public function fetch_row() { return mysql_fetch_row($this->result); } public function fetch_Object() { return mysql_fetch_object($this->result); } public function findall($table) { $this->query("SELECT * FROM $table"); } public function select($table, $columnName = "*", $condition = '', $debug = '') { $condition = $condition ? ' Where ' . $condition : NULL; if ($debug) { echo "SELECT $columnName FROM $table $condition"; } else { $this->query("SELECT $columnName FROM $table $condition"); } } public function delete($table, $condition, $url = '') { if ($this->query("DELETE FROM $table WHERE $condition")) { if (!empty ($url)) $this->Get_admin_msg($url, '删除成功!'); } } public function insert($table, $columnName, $value, $url = '') { if ($this->query("INSERT INTO $table ($columnName) VALUES ($value)")) { if (!empty ($url)) $this->Get_admin_msg($url, '添加成功!'); } } public function update($table, $mod_content, $condition, $url = '') { if ($this->query("UPDATE $table SET $mod_content WHERE $condition")) { if (!empty ($url)) $this->Get_admin_msg($url); } } public function insert_id() { return mysql_insert_id(); } public function db_data_seek($id) { if ($id > 0) { $id = $id -1; } if (!@ mysql_data_seek($this->result, $id)) { $this->show_error("SQL语句有误:", "指定的数据为空"); } return $this->result; } public function db_num_rows() { if ($this->result == null) { if ($this->show_error) { $this->show_error("SQL语句错误", "暂时为空,没有任何内容!"); } } else { return mysql_num_rows($this->result); } } public function db_affected_rows() { return mysql_affected_rows(); } public function show_error($message = "", $sql = "") { if (!$sql) { echo "<font color='red'>" . $message . "</font>"; echo "<br />"; } else { echo "<fieldset>"; echo "<legend>错误信息提示:</legend><br />"; echo "<div style='font-size:14px; clear:both; font-family:Verdana, Arial, Helvetica, sans-serif;'>"; echo "<div style='height:20px; background:#000000; border:1px #000000 solid'>"; echo "<font color='white'>错误号:12142</font>"; echo "</div><br />"; echo "错误原因:" . mysql_error() . "<br /><br />"; echo "<div style='height:20px; background:#FF0000; border:1px #FF0000 solid'>"; echo "<font color='white'>" . $message . "</font>"; echo "</div>"; echo "<font color='red'><pre>" . $sql . "</pre></font>"; $ip = $this->getip(); if ($this->bulletin) { $time = date("Y-m-d H:i:s"); $message = $message . "\r\n$this->sql" . "\r\n客户IP:$ip" . "\r\n时间 :$time" . "\r\n\r\n"; $server_date = date("Y-m-d"); $filename = $server_date . ".txt"; $file_path = "error/" . $filename; $error_content = $message; $file = "error"; if (!file_exists($file)) { if (!mkdir($file, 0777)) { die("upload files directory does not exist and creation failed"); } } if (!file_exists($file_path)) { fopen($file_path, "w+"); if (is_writable($file_path)) { if (!$handle = fopen($file_path, 'a')) { echo "不能打开文件 $filename"; exit; } if (!fwrite($handle, $error_content)) { echo "不能写入到文件 $filename"; exit; } echo "——错误记录被保存!"; fclose($handle); } else { echo "文件 $filename 不可写"; } } else { if (is_writable($file_path)) { if (!$handle = fopen($file_path, 'a')) { echo "不能打开文件 $filename"; exit; } if (!fwrite($handle, $error_content)) { echo "不能写入到文件 $filename"; exit; } echo "——错误记录被保存!"; fclose($handle); } else { echo "文件 $filename 不可写"; } } } echo "<br />"; if ($this->is_error) { exit; } } echo "</div>"; echo "</fieldset>"; echo "<br />"; } public function free() { @ mysql_free_result($this->result); } public function select_db($db_database) { return mysql_select_db($db_database); } public function num_fields($table_name) { $this->query("select * from $table_name"); echo "<br />"; echo "字段数:" . $total = mysql_num_fields($this->result); echo "<pre>"; for ($i = 0; $i < $total; $i++) { print_r(mysql_fetch_field($this->result, $i)); } echo "</pre>"; echo "<br />"; } public function mysql_server($num = '') { switch ($num) { case 1 : return mysql_get_server_info(); break; case 2 : return mysql_get_host_info(); break; case 3 : return mysql_get_client_info(); break; case 4 : return mysql_get_proto_info(); break; default : return mysql_get_client_info(); } } public function __destruct() { if (!empty ($this->result)) { $this->free(); } mysql_close($this->conn); } function getip() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) { $ip = getenv("HTTP_CLIENT_IP"); } else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); } else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) { $ip = getenv("REMOTE_ADDR"); } else if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) { $ip = $_SERVER['REMOTE_ADDR']; } else { $ip = "unknown"; } return ($ip); } function inject_check($sql_str) { $check = eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); if ($check) { echo "输入非法注入内容!"; exit (); } else { return $sql_str; } } function checkurl() { if (preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) !== preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) { header("Location: http://www.dareng.com"); exit(); } } }?> |
