优化数据库参数绑定方式

hetao29 · hetao29 · commit db59da5ae194 · 2024-11-08T15:38:22.000+08:00
diff --git a/plugins/db/Db.php b/plugins/db/Db.php
@@ -92,13 +92,30 @@ private function _reInit(){
 	public function init($params){
 		if(is_object($params))$params=(array)$params;
 
-
 		if(!isset($params['engine']) || !in_array($params['engine'],$this->_allow_engines)){
 			$params['engine']=$this->_engine_name;
 		}
 		$this->params=$params;
 		$this->__setEngine($params['engine']);
 		$this->_key = implode("|",$params);
+
+		if($this->_engine_name=="mysqli" && extension_loaded('mysqli')){
+			$this->engine = new \SlightPHP\DbMysqli($this->params);
+		}elseif(extension_loaded('pdo')){
+			$this->engine = new \SlightPHP\DbPDO($this->params);
+		}else{
+			trigger_error("pdo and mysqli extension not exists",E_USER_ERROR);
+			return false;
+		}
+		$this->engine->init($this->params);
+		if($this->engine->connect()===false){
+			$this->error['code']=$this->engine->errno();
+			$this->error['msg']=$this->engine->error();
+			if(defined("DEBUG")){
+				trigger_error("{$this->_engine_name} ( ".var_export($this->error,true).")");
+			}
+			return false;
+		}
 		return true;
 	}
 	/**
@@ -146,7 +163,7 @@ public function select($table,$condition="",$item="",$groupby="",$orderby="",$le
 		//TABLE
 		$table = $this->__array2string($table,true);
 		//condition
-		$condiStr = $this->__quote($condition,"AND");
+		$condiStr = $this->__quote($condition,"AND",$params);
 
 		if($condiStr!=""){
 			$condiStr=" WHERE ".$condiStr;
@@ -204,7 +221,7 @@ public function select($table,$condition="",$item="",$groupby="",$orderby="",$le
 		$sql="SELECT $item FROM ($table) $join $condiStr $groupby $orderby_sql $limit_sql";
 		$start = microtime(true);
 
-		$result = $this->__query($sql);
+		$result = $this->__query($sql,false,$params);
 		if($result!==false){
 			$data = new DbData;
 			$data->page = (int)$this->page;
@@ -215,7 +232,7 @@ public function select($table,$condition="",$item="",$groupby="",$orderby="",$le
 			if($this->count==true){
 				if($this->limit>0){
 					$countsql="SELECT count(1) totalSize FROM ($table)$join $condiStr $groupby";
-					$result_count = $this->__query($countsql);
+					$result_count = $this->__query($countsql,false,$params);
 					if(!empty($result_count[0])){
 						$data->totalSize = (int)$result_count[0]['totalSize'];
 						$data->totalPage = (int)ceil($data->totalSize/$data->limit);
@@ -260,13 +277,13 @@ public function selectOne($table,$condition="",$item="",$groupby="",$orderby="",
 	 */
 	public function update($table,$condition,$item){
 		$table = $this->__array2string($table);
-		$value = $this->__quote($item,",");
-		$condiStr = $this->__quote($condition,"AND");
+		$value = $this->__quote($item,",",$params);
+		$condiStr = $this->__quote($condition,"AND",$params2);
 		if($condiStr!=""){
 			$condiStr=" WHERE ".$condiStr;
 		}
 		$sql="UPDATE $table SET $value $condiStr";
-		return $this->__query($sql);
+		return $this->__query($sql,false,$this->merge_params($params,$params2));
 	}
 	/**
 	 * delete
@@ -277,12 +294,15 @@ public function update($table,$condition,$item){
 	 */
 	public function delete($table,$condition){
 		$table = $this->__array2string($table);
-		$condiStr = $this->__quote($condition,"AND");
+		$condiStr = $this->__quote($condition,"AND",$params);
 		if($condiStr!=""){
 			$condiStr=" WHERE ".$condiStr;
 		}
 		$sql="DELETE FROM  $table $condiStr";
-		return $this->__query($sql);
+		return $this->__query($sql,false,$params);
+	}
+	public function escape($str){
+		return $this->engine->escape($str);
 	}
 	/**
 	 * insert
@@ -309,14 +329,24 @@ public function insert($table,$item="",$isreplace=false,$isdelayed=false,$update
 			$command.=" DELAYED ";
 		}
 
-		$f = $this->__quote($item,",");
+		$f = $this->__quote($item,",",$params);
 
 		$sql="$command INTO $table SET $f ";
-		$v = $this->__quote($update,",");
+		$v = $this->__quote($update,",",$params2);
 		if(!empty($v)){
 			$sql.="ON DUPLICATE KEY UPDATE $v";
 		}
-		return $this->__query($sql);
+		return $this->__query($sql,false,$this->merge_params($params,$params2));
+	}
+
+	/**
+	 * merge array
+	 */
+	private function merge_params(...$arr){
+		$arr = array_filter($arr,function($var){
+			return ($var && is_array($var)) ? true : false;
+		});
+		return array_merge(...$arr);
 	}
 
 	/**
@@ -326,7 +356,7 @@ public function insert($table,$item="",$isreplace=false,$isdelayed=false,$update
 	 * @return Array $result  || Boolean false
 	 */
 
-	private function __query($sql, $retry=false){
+	private function __query($sql, $retry=false, $params=[]){
 		//{{{
 		//SQL MODE 默认为DELETE，INSERT，REPLACE 或 UPDATE,不需要返回值
 		$sql_mode = 1;//1.更新模式 2.查询模式 3.插入模式
@@ -346,26 +376,8 @@ private function __query($sql, $retry=false){
 		if(defined("DEBUG")){
 			trigger_error("{$this->_engine_name} ( $sql )");
 		}
-		//Connect
-		if(extension_loaded('pdo')){
-			$this->engine = new \SlightPHP\DbPDO($this->params);
-		}elseif(extension_loaded('mysqli')){
-			$this->engine = new \SlightPHP\DbMysqli($this->params);
-		}else{
-			trigger_error("pdo and mysqli extension not exists",E_USER_ERROR);
-			return false;
-		}
-		$this->engine->init($this->params);
-		if($this->engine->connect()===false){
-			$this->error['code']=$this->engine->errno();
-			$this->error['msg']=$this->engine->error();
-			if(defined("DEBUG")){
-				trigger_error("{$this->_engine_name} ( ".var_export($this->error,true).")");
-			}
-			return false;
-		}
 
-		$result = $this->engine->query($sql);
+		$result = $this->engine->query($sql, $params);
 
 		if($result){
 			if($sql_mode==2){//查询模式
@@ -383,7 +395,7 @@ private function __query($sql, $retry=false){
 
 		if($retry===false && $this->engine->connectionError){
 			$this->_reInit();
-			return $this->__query($sql,true);
+			return $this->__query($sql,true,$params);
 		}
 		trigger_error("DB QUERY ERROR (".var_export($this->error['msg'],true)."), CODE({$this->error['code']}), SQL({$sql})",E_USER_WARNING);
 		return false;
@@ -397,7 +409,7 @@ public function execute($sql){
 		return $this->__query($sql);
 	}
 
-	private function __quote($condition,$split="AND"){
+	private function __quote($condition,$split="AND",&$params=[]){
 		$condiStr = "";
 		if(is_array($condition) || is_object($condition)){
 			$v1=array();
@@ -408,8 +420,8 @@ private function __quote($condition,$split="AND"){
 						$k = $this->__addsqlslashes($k);
 					}
 					if(!is_null($v)){
-						$v = addslashes($v);
-						$v1[]="$k = \"$v\"";
+						$params[]=$v;
+						$v1[]="$k = ?";
 					}else{
 						$v1[]="$k = NULL";
 					}
diff --git a/plugins/db/DbMysqli.php b/plugins/db/DbMysqli.php
@@ -22,6 +22,7 @@
 require_once(SLIGHTPHP_PLUGINS_DIR."/db/DbEngine.php");
 class DbMysqli implements DbEngine{
 	private $_mysqli;
+	private $_stmt;
 	private $_result;
 
 	private $_engine;
@@ -53,6 +54,11 @@ public function init($params=array()){
 			$this->{"_".$key} = $value;
 		}
 	}
+	public function __destruct(){
+		if($this->_stmt){
+			$this->_stmt->close();
+		}
+	}
 	public function connect(){
 		$host = $this->_host;
 		if($this->_persistent){
@@ -68,46 +74,60 @@ public function connect(){
 		}
 		return true;
 	}
-	public function query($sql){
+	public function query($sql, $params=[]){
 		if($this->_mysqli->connect_errno){
 			return false;
 		}
-		$this->_result= $this->_mysqli->query($sql);
-		if($this->_result){
-			return true;
+		$this->_stmt = $this->_mysqli->prepare($sql);
+		if($this->_stmt===false){
+			return false;
+		}
+		$r = $this->_stmt->execute($params);
+		if($r===false){
+			return false;
 		}
-		return false;
+		$this->_result = $this->_stmt->get_result();
+		return true;
 	}
 	public function getAll(){
 		if(!$this->_result)return false;
-		$data=array();
-		while($row= $this->_result->fetch_assoc()){$data[]=$row;};
-		return $data;
+		return $this->_result->fetch_all(MYSQLI_ASSOC);
 	}
 	public function count(){
 		if($this->_mysqli->connect_errno){
 			return false;
 		}
-		return $this->_mysqli->affected_rows;
+		if(!$this->_stmt)return false;
+		return $this->_stmt->affected_rows;
+	}
+	public function escape($str){
+		if($this->_mysqli->connect_errno){
+			return false;
+		}
+		return $this->_mysqli->real_escape_string($str);
 	}
 	public function lastId(){
 		if($this->_mysqli->connect_errno){
 			return false;
 		}
-		return $this->_mysqli->insert_id;
+		if(!$this->_stmt)return false;
+		return $this->_stmt->insert_id;
 	}
 	public function error(){
 		if($this->_mysqli->connect_error){
 			return $this->_mysqli->connect_error;
 		}
-		return $this->_mysqli->error;
+		if(!$this->_stmt)return false;
+		return $this->_stmt->error;
 	}
 	public function errno(){
 		$error=0;
 		if($this->_mysqli->connect_errno){
 			$error = $this->_mysqli->connect_errno;
 		}else{
-			$error = $this->_mysqli->errno;
+			if($this->_stmt){
+				$error = $this->_stmt->errno;
+			}
 		}
 		if($error=='2006'){
 			$this->connectionError=true;
diff --git a/plugins/db/DbPDO.php b/plugins/db/DbPDO.php
@@ -85,24 +85,26 @@ public function connect(){
 		}
 		return true;
 	}
-	public function query($sql){
+	public function query($sql,$params=[]){
 		if(!$this->_pdo)return false;
 		$this->_stmt = $this->_pdo->prepare($sql);
-		if($this->_stmt && $this->_stmt->execute ()!==false){
-			return true;
+		if($this->_stmt){
+			return $this->_stmt->execute($params);
 		}
 		return false;
 	}
 	public function getAll(){
-		if($this->_stmt){
-			return $this->_stmt->fetchAll (\PDO::FETCH_ASSOC );
-		}
-		return false;
+		if(!$this->_stmt)return false;
+		return $this->_stmt->fetchAll(\PDO::FETCH_ASSOC);
 	}
 	public function count(){
 		if(!$this->_stmt)return false;
 		return $this->_stmt->rowCount();
 	}
+	public function escape($str){
+		if(!$this->_pdo)return false;
+		return trim($this->_pdo->quote($str),"'");
+	}
 	public function lastId(){
 		if(!$this->_pdo)return false;
 		return $this->_pdo->lastInsertId();

Original file line number	Diff line number	Diff line change
`@@ -85,24 +85,26 @@ public function connect(){`
`85`	`85`	`}`
`86`	`86`	`return true;`
`87`	`87`	`}`
`88`		`- public function query($sql){`
	`88`	`+ public function query($sql,$params=[]){`
`89`	`89`	`if(!$this->_pdo)return false;`
`90`	`90`	`$this->_stmt = $this->_pdo->prepare($sql);`
`91`		`- if($this->_stmt && $this->_stmt->execute ()!==false){`
`92`		`- return true;`
	`91`	`+ if($this->_stmt){`
	`92`	`+ return $this->_stmt->execute($params);`
`93`	`93`	`}`
`94`	`94`	`return false;`
`95`	`95`	`}`
`96`	`96`	`public function getAll(){`
`97`		`- if($this->_stmt){`
`98`		`- return $this->_stmt->fetchAll (\PDO::FETCH_ASSOC );`
`99`		`- }`
`100`		`- return false;`
	`97`	`+ if(!$this->_stmt)return false;`
	`98`	`+ return $this->_stmt->fetchAll(\PDO::FETCH_ASSOC);`
`101`	`99`	`}`
`102`	`100`	`public function count(){`
`103`	`101`	`if(!$this->_stmt)return false;`
`104`	`102`	`return $this->_stmt->rowCount();`
`105`	`103`	`}`
	`104`	`+ public function escape($str){`
	`105`	`+ if(!$this->_pdo)return false;`
	`106`	`+ return trim($this->_pdo->quote($str),"'");`
	`107`	`+ }`
`106`	`108`	`public function lastId(){`
`107`	`109`	`if(!$this->_pdo)return false;`
`108`	`110`	`return $this->_pdo->lastInsertId();`