Foreword: PHP 7+ has removed the mysql extension and supports mysqli and PDO by default. Compared with mysqli, PDO supports more database types and offers prepared-statement ("pre-query") security features that mysqli does not have.
First, create a class file named MyPDO.php.
<?php
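/**
 * Thin convenience wrapper around a single shared PDO connection.
 *
 * Values passed as arrays to insert(), update(), delete(), row() and
 * safeQuery() are sent as bound parameters. Table names, field lists, array
 * keys (column names) and string conditions are always spliced into the SQL
 * text as-is, because identifiers cannot be bound: they must come from your
 * own code, never from request data.
 */
class MyPDO {
    /**
     * Connection shared by every instance; opened by the first constructor call.
     *
     * @var PDO|null
     */
    private static $handler;

    /**
     * Fetch mode handed to fetch()/fetchAll() by row(), result() and safeQuery().
     * PDO::FETCH_ASSOC = 2 returns arrays, PDO::FETCH_OBJ = 5 returns objects.
     *
     * @var int
     */
    private $fetchMode = PDO::FETCH_ASSOC;

    /**
     * Opens the shared MySQL connection unless one already exists.
     *
     * @param string $host     database host
     * @param string $username database user
     * @param string $passwd   database password
     * @param string $dbname   database name
     */
    public function __construct($host = '127.0.0.1', $username = 'root',
                                $passwd = '', $dbname = 'test') {
        if (!self::$handler) {
            // The charset goes into the DSN (instead of a later "SET NAMES")
            // so the client library also knows the connection encoding.
            self::$handler = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8", $username, $passwd);
            // Surface SQL errors as PDOException instead of a silent `false`
            // that would only fail later on ->fetch().
            self::$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
        // A constructor's return value is discarded by `new`, so nothing is returned.
    }

    /**
     * Inserts one row.
     *
     * @param string $table table name (trusted identifier)
     * @param array  $data  column => value pairs; values are bound, keys are not
     * @return string auto-increment id of the inserted row
     * @throws InvalidArgumentException when $data is not a non-empty array
     */
    public function insert($table, $data){
        if (!is_array($data) || !$data) {
            throw new InvalidArgumentException('insert() needs a non-empty array of column => value pairs');
        }
        $fields = implode(',', array_keys($data));
        $marks = implode(',', array_fill(0, count($data), '?'));
        $sth = self::$handler->prepare("INSERT INTO {$table} ({$fields}) VALUES ({$marks})");
        $sth->execute(array_values($data));
        return self::$handler->lastInsertId();
    }

    /**
     * Deletes rows.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array|string $condition column => value pairs (values bound, joined
     *                                with AND) or a raw SQL condition that is
     *                                used verbatim
     * @return int number of affected rows
     */
    public function delete($table, $condition){
        $params = [];
        $where = $this->buildWhere($condition, $params);
        $sth = self::$handler->prepare("DELETE FROM {$table} WHERE {$where}");
        $sth->execute($params);
        return $sth->rowCount();
    }

    /**
     * Updates rows.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array|string $data      column => value pairs (values bound) or a
     *                                raw SET clause used verbatim
     * @param array|string $condition see delete()
     * @return int number of affected rows
     */
    public function update($table, $data, $condition){
        $params = [];
        // SET placeholders are collected first so the parameter order matches
        // the order of the "?" marks in the statement.
        $set = is_array($data) ? $this->bindPairs($data, ',', $params) : $data;
        $where = $this->buildWhere($condition, $params);
        $sth = self::$handler->prepare("UPDATE {$table} SET {$set} WHERE {$where}");
        $sth->execute($params);
        return $sth->rowCount();
    }

    /**
     * Sets the fetch mode used by the query methods. PDO's own default returns
     * each column under both its name and its index.
     *
     * @param int $fetchMode a PDO::FETCH_* constant or its numeric value
     */
    public function setAllFetchMode($fetchMode){
        $this->fetchMode = $fetchMode;
    }

    /**
     * Fetches a single row.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array|string $condition see delete()
     * @param string       $fields    field list (trusted SQL)
     * @return mixed the row in the current fetch mode, or false when nothing matches
     */
    public function row($table, $condition, $fields = '*'){
        $params = [];
        $where = $this->buildWhere($condition, $params);
        $sth = self::$handler->prepare("SELECT {$fields} FROM {$table} WHERE {$where} LIMIT 1");
        $sth->execute($params);
        return $sth->fetch($this->fetchMode);
    }

    /**
     * Fetches all matching rows by building the SQL text through string
     * concatenation.
     *
     * WARNING: unlike the other methods, array values are copied into the
     * statement without escaping or binding, so a value containing a quote
     * changes the meaning of the WHERE clause. The accompanying test script
     * relies on exactly this to show what an injected query returns. Use
     * safeQuery() for any value that is not a literal in your own code.
     *
     * @param string       $table     table name (trusted identifier)
     * @param array|string $condition column => value pairs or a raw condition
     * @param string       $fields    field list (trusted SQL)
     * @return array
     */
    public function result($table, $condition, $fields = '*') {
        $condition = $this->ArrayToString($condition, 'AND');
        $sql = "SELECT {$fields} FROM {$table} WHERE {$condition}";
        return self::$handler->query($sql)->fetchAll($this->fetchMode);
    }

    /**
     * Renders column => value pairs as "col = 'value'" joined by $connector.
     * Values are NOT escaped; only result() uses this. Non-arrays are returned
     * unchanged.
     */
    private function ArrayToString($data, $connector){
        if (!is_array($data)) {
            return $data;
        }
        $parts = [];
        foreach ($data as $k => $v) {
            $parts[] = "$k = '$v'";
        }
        return implode(" $connector ", $parts);
    }

    /**
     * Renders column => value pairs as "col = ?" joined by $connector and
     * appends the values to $params in the same order.
     *
     * @throws InvalidArgumentException when $data is empty
     */
    private function bindPairs(array $data, $connector, array &$params){
        if (!$data) {
            throw new InvalidArgumentException('At least one column => value pair is required');
        }
        $parts = [];
        foreach ($data as $column => $value) {
            $parts[] = "$column = ?";
            $params[] = $value;
        }
        return implode(" $connector ", $parts);
    }

    /**
     * Builds a WHERE body: arrays become bound "col = ?" terms joined by AND,
     * anything else is treated as a raw condition and returned unchanged.
     */
    private function buildWhere($condition, array &$params){
        if (!is_array($condition)) {
            return $condition;
        }
        return $this->bindPairs($condition, 'AND', $params);
    }

    /**
     * Fetches all matching rows through a prepared statement with named
     * placeholders, which keeps the values out of the SQL text.
     *
     * @param string $table     table name (trusted identifier)
     * @param array  $condition column => value pairs, joined with AND
     * @param string $fields    field list (trusted SQL)
     * @return array
     * @throws InvalidArgumentException when $condition is not a non-empty array
     *                                  or a key is not a plain column name
     */
    public function safeQuery($table, $condition, $fields = '*'){
        if (!is_array($condition)) {
            // Thrown rather than exit() so the caller decides how to fail.
            throw new InvalidArgumentException('条件必须是数组');
        }
        if (!$condition) {
            throw new InvalidArgumentException('At least one column => value pair is required');
        }
        $terms = [];
        foreach ($condition as $k => $v) {
            // The key is used both as a column name and as the placeholder
            // name, and neither can be bound, so only plain identifiers pass.
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $k)) {
                throw new InvalidArgumentException('Condition keys must be plain column names');
            }
            $terms[] = "$k = :$k";
        }
        $sql = "SELECT {$fields} FROM {$table} WHERE " . implode(' AND ', $terms);
        $sth = self::$handler->prepare($sql);
        $sth->execute($condition);
        return $sth->fetchAll($this->fetchMode);
    }
}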
Test code
<?php
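// Autoload classes: a class name maps to "<ClassName>.php" on the include path.
// (The function is spl_autoload_register, and the extension needs its dot.)
spl_autoload_register(function($className){
    require_once $className.'.php';
});

$pdo = new MyPDO();

// Insert two rows and print the generated ids.
echo '插入id:'.$pdo->insert('users', ['name' => '红辣椒']);
echo '<br>';
echo '插入id:'.$pdo->insert('users', ['name' => '孙悟空']);
echo '<br>';

// Rename one of the rows and print the number of rows changed.
echo '更新条数:'.$pdo->update('users', ['name' => '琦玉'], ['name' => '孙悟空']);
echo '<br>';

echo '<pre>';

// Single-row lookup.
echo '单行:';
$row = $pdo->row('users', ['name' => '红辣椒']);
print_r($row);

// result() concatenates the value into the SQL text, so the quote in this
// value ends the string literal and the WHERE clause becomes always true:
// every row comes back.
echo '多行:被SQL注入的';
$result1 = $pdo->result('users',['name' => "1' or '1"]);
print_r($result1);

// safeQuery() sends the same value as a bound parameter, so it is compared
// as plain data and matches no row.
echo '多行:防SQL注入的';
$result2 = $pdo->safeQuery('users',['name' => "1' or '1"]);
print_r($result2);

// Delete with a raw string condition; this form is only for literals written
// in your own code.
echo '删除条数:'.$pdo->delete('users'," name = '红辣椒'");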