DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
170 Commits
3 Branches
110MB
Tree: ac9141298b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ac9141298b'
${ noResults }
DedeV6/src/include/dedesqli.class.php

747 lines
22KB
Raw Blame History 

  1. <?php   if(!defined('DEDEINC')) exit("Request Error!");

  2. /**

  3.  * 数据库类

  4.  * 说明:系统底层数据库核心类

  5.  *      调用这个类前,请先设定这些外部变量

  6.  *      $GLOBALS['cfg_dbhost'];

  7.  *      $GLOBALS['cfg_dbuser'];

  8.  *      $GLOBALS['cfg_dbpwd'];

  9.  *      $GLOBALS['cfg_dbname'];

  10.  *      $GLOBALS['cfg_dbprefix'];

  11.  *

  12.  * @version        $Id: dedesqli.class.php 1 15:00 2011-1-21 tianya $

  13.  * @package        DedeCMS.Libraries

  14.  * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.

  15.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  16.  * @license        https://www.dedebiz.com/license/v6

  17.  * @link           https://www.dedebiz.com

  18.  */

  19. @set_time_limit(0);

  20. // 在工程所有文件中均不需要单独初始化这个类,可直接用 $dsql 或 $db 进行操作

  21. // 为了防止错误,操作完后不必关闭数据库

  22. if (!function_exists("mysqli_init") ) {

  23.     echo "DedeCMS提示:尚未发现开启mysqli模块,请在php.ini中启用`extension=mysqli`。";

  24.     exit;

  25. }

  26. 

  27. $dsql = $dsqli = $db = new DedeSqli(FALSE);

  28. /**

  29.  * Dede MySQLi数据库类

  30.  *

  31.  * @package        DedeSqli

  32.  * @subpackage     DedeCMS.Libraries

  33.  * @link           http://www.dedecms.com

  34.  */

  35. if (!defined('MYSQL_BOTH')) {

  36.      define('MYSQL_BOTH',MYSQLI_BOTH);

  37. }

  38. 

  39. if (!defined('MYSQL_ASSOC')) {

  40.     define('MYSQL_ASSOC', MYSQLI_ASSOC);

  41. }

  42. class DedeSqli

  43. {

  44.     var $linkID;

  45.     var $dbHost;

  46.     var $dbUser;

  47.     var $dbPwd;

  48.     var $dbName;

  49.     var $dbPrefix;

  50.     var $result;

  51.     var $queryString;

  52.     var $parameters;

  53.     var $isClose;

  54.     var $safeCheck;

  55. 	var $showError=false;

  56.     var $recordLog=false; // 记录日志到data/mysqli_record_log.inc便于进行调试

  57. 	var $isInit=false;

  58. 	var $pconnect=false;

  59. 

  60.     //用外部定义的变量初始类,并连接数据库

  61.     function __construct($pconnect=FALSE,$nconnect=FALSE)

  62.     {

  63.         $this->isClose = FALSE;

  64.         $this->safeCheck = TRUE;

  65. 		$this->pconnect = $pconnect;

  66.         if($nconnect)

  67.         {

  68.             $this->Init($pconnect);

  69.         }

  70.     }

  71. 

  72.     function DedeSql($pconnect=FALSE,$nconnect=TRUE)

  73.     {

  74.         $this->__construct($pconnect,$nconnect);

  75.     }

  76. 

  77.     function Init($pconnect=FALSE)

  78.     {

  79.         $this->linkID = 0;

  80.         //$this->queryString = '';

  81.         //$this->parameters = Array();

  82.         $this->dbHost   =  $GLOBALS['cfg_dbhost'];

  83.         $this->dbUser   =  $GLOBALS['cfg_dbuser'];

  84.         $this->dbPwd    =  $GLOBALS['cfg_dbpwd'];

  85.         $this->dbName   =  $GLOBALS['cfg_dbname'];

  86.         $this->dbPrefix =  $GLOBALS['cfg_dbprefix'];

  87.         $this->result["me"] = 0;

  88.         $this->Open($pconnect);

  89.     }

  90. 

  91.     //用指定参数初始数据库信息

  92.     function SetSource($host,$username,$pwd,$dbname,$dbprefix="dede_")

  93.     {

  94.         $this->dbHost = $host;

  95.         $this->dbUser = $username;

  96.         $this->dbPwd = $pwd;

  97.         $this->dbName = $dbname;

  98.         $this->dbPrefix = $dbprefix;

  99.         $this->result["me"] = 0;

  100.     }

  101.     function SelectDB($dbname)

  102.     {

  103.         mysqli_select_db($this->linkID, $dbname);

  104.     }

  105. 

  106.     //设置SQL里的参数

  107.     function SetParameter($key,$value)

  108.     {

  109.         $this->parameters[$key]=$value;

  110.     }

  111. 

  112.     //连接数据库

  113.     function Open($pconnect=FALSE)

  114.     {

  115.         global $dsqli;

  116.         //连接数据库

  117.         if($dsqli && !$dsqli->isClose && $dsqli->isInit)

  118.         {

  119.             $this->linkID = $dsqli->linkID;

  120.         }

  121.         else

  122.         {

  123.             $i = 0;

  124.             @list($dbhost, $dbport) = explode(':', $this->dbHost);

  125.             !$dbport && $dbport = 3306;

  126. 

  127.             $this->linkID = mysqli_init();

  128.             mysqli_real_connect($this->linkID, $dbhost, $this->dbUser, $this->dbPwd, false, $dbport);

  129.             mysqli_errno($this->linkID) != 0 && $this->DisplayError('DedeCMS错误警告: 链接('.$this->pconnect.') 到MySQL发生错误');

  130. 

  131. 

  132.             //复制一个对象副本

  133.             CopySQLiPoint($this);

  134.         }

  135. 

  136.         //处理错误,成功连接则选择数据库

  137.         if(!$this->linkID)

  138.         {

  139.             $this->DisplayError("DedeCMS错误警告:<font color='red'>连接数据库失败,可能数据库密码不对或数据库服务器出错!</font>");

  140.             exit();

  141.         }

  142. 		$this->isInit = TRUE;

  143.         $serverinfo = mysqli_get_server_info($this->linkID);

  144.         if ($serverinfo > '4.1' && $GLOBALS['cfg_db_language'])

  145.         {

  146.             mysqli_query($this->linkID, "SET character_set_connection=" . $GLOBALS['cfg_db_language'] . ",character_set_results=" . $GLOBALS['cfg_db_language'] . ",character_set_client=binary");

  147.         }

  148.         if ($serverinfo > '5.0') {

  149.             mysqli_query($this->linkID, "SET sql_mode=''");

  150.         }

  151.         if ($this->dbName && !@mysqli_select_db($this->linkID, $this->dbName)) {

  152.             $this->DisplayError('无法使用数据库');

  153.         }

  154.         return TRUE;

  155.     }

  156. 

  157.     //为了防止采集等需要较长运行时间的程序超时,在运行这类程序时设置系统等待和交互时间

  158.     function SetLongLink()

  159.     {

  160.         if ($this->linkID) {

  161.             @mysqli_query($this->linkID, "SET interactive_timeout=3600, wait_timeout=3600 ;");

  162.         }

  163.         

  164.     }

  165. 

  166.     //获得错误描述

  167.     function GetError()

  168.     {

  169.         $str = mysqli_error($this->linkID);

  170.         return $str;

  171.     }

  172. 

  173.     //关闭数据库

  174.     //mysql能自动管理非持久连接的连接池

  175.     //实际上关闭并无意义并且容易出错,所以取消这函数

  176.     function Close($isok=FALSE)

  177.     {

  178.         $this->FreeResultAll();

  179.         if($isok)

  180.         {

  181.             @mysqli_close($this->linkID);

  182.             $this->isClose = TRUE;

  183.             $GLOBALS['dsql'] = NULL;

  184.         }

  185.     }

  186. 

  187.     //定期清理死连接

  188.     function ClearErrLink()

  189.     {

  190.     }

  191. 

  192.     //关闭指定的数据库连接

  193.     function CloseLink($dblink)

  194.     {

  195.         @mysqli_close($dblink);

  196.     }

  197. 

  198.     function Esc( $_str )

  199.     {

  200.         if ( version_compare( phpversion(), '4.3.0', '>=' ) )

  201.         {

  202.             return @mysqli_real_escape_string($this->linkID, $_str );

  203.         } else {

  204.             return @mysqli_escape_string ($this->linkID, $_str );

  205.         }

  206.     }

  207. 

  208.     //执行一个不返回结果的SQL语句,如update,delete,insert等

  209.     function ExecuteNoneQuery($sql='')

  210.     {

  211.         global $dsqli;

  212. 		if(!$dsqli->isInit)

  213. 		{

  214. 			$this->Init($this->pconnect);

  215. 		}

  216.         if($dsqli->isClose)

  217.         {

  218.             $this->Open(FALSE);

  219.             $dsqli->isClose = FALSE;

  220.         }

  221.         if(!empty($sql))

  222.         {

  223.             $this->SetQuery($sql);

  224.         }else{

  225.             return FALSE;

  226.         }

  227.         if(is_array($this->parameters))

  228.         {

  229.             foreach($this->parameters as $key=>$value)

  230.             {

  231.                 $this->queryString = str_replace("@".$key,"'$value'",$this->queryString);

  232.             }

  233.         }

  234.         //SQL语句安全检查

  235.         if($this->safeCheck) CheckSql($this->queryString,'update');

  236. 

  237.         $t1 = ExecTime();

  238.         $rs = mysqli_query($this->linkID, $this->queryString);

  239. 

  240.         //查询性能测试

  241.         if($this->recordLog) {

  242. 			$queryTime = ExecTime() - $t1;

  243.             $this->RecordLog($queryTime);

  244.         }

  245.         if (DEBUG_LEVEL===TRUE) {

  246.             $queryTime = ExecTime() - $t1;

  247.             echo "<div style='width:98%;margin:1rem auto;color: #155724;background-color: #d4edda;border-color: #c3e6cb;position: relative;padding: .75rem 1.25rem;border: 1px solid transparent;border-radius: .25rem;'>执行SQL:".$this->queryString.",执行时间:<b>{$queryTime}</b></div>\r\n";

  248.         }

  249. 

  250.         return $rs;

  251.     }

  252. 

  253. 

  254.     //执行一个返回影响记录条数的SQL语句,如update,delete,insert等

  255.     function ExecuteNoneQuery2($sql='')

  256.     {

  257.         global $dsqli;

  258. 		if(!$dsqli->isInit)

  259. 		{

  260. 			$this->Init($this->pconnect);

  261. 		}

  262.         if($dsqli->isClose)

  263.         {

  264.             $this->Open(FALSE);

  265.             $dsqli->isClose = FALSE;

  266.         }

  267. 

  268.         if(!empty($sql))

  269.         {

  270.             $this->SetQuery($sql);

  271.         }

  272.         if(is_array($this->parameters))

  273.         {

  274.             foreach($this->parameters as $key=>$value)

  275.             {

  276.                 $this->queryString = str_replace("@".$key,"'$value'",$this->queryString);

  277.             }

  278.         }

  279.         $t1 = ExecTime();

  280.         mysqli_query($this->linkID, $this->queryString);

  281. 

  282.         //查询性能测试

  283.         if($this->recordLog) {

  284. 			$queryTime = ExecTime() - $t1;

  285.             $this->RecordLog($queryTime);

  286.             //echo $this->queryString."--{$queryTime}<hr />\r\n";

  287.         }

  288.         if (DEBUG_LEVEL===TRUE) {

  289.             $queryTime = ExecTime() - $t1;

  290.             echo "<div style='width:98%;margin:1rem auto;color: #155724;background-color: #d4edda;border-color: #c3e6cb;position: relative;padding: .75rem 1.25rem;border: 1px solid transparent;border-radius: .25rem;'>执行SQL:".$this->queryString.",执行时间:<b>{$queryTime}</b></div>\r\n";

  291.         }

  292. 

  293.         return mysqli_affected_rows($this->linkID);

  294.     }

  295. 

  296.     function ExecNoneQuery($sql='')

  297.     {

  298.         return $this->ExecuteNoneQuery($sql);

  299.     }

  300. 

  301.     function GetFetchRow($id='me')

  302.     {

  303.         return @mysqli_fetch_row($this->result[$id]);

  304.     }

  305. 

  306.     function GetAffectedRows()

  307.     {

  308.         return mysqli_affected_rows($this->linkID);

  309.     }

  310. 

  311.     //执行一个带返回结果的SQL语句,如SELECT,SHOW等

  312.     function Execute($id="me", $sql='')

  313.     {

  314.         global $dsqli;

  315. 		if(!$dsqli->isInit)

  316. 		{

  317. 			$this->Init($this->pconnect);

  318. 		}

  319.         if($dsqli->isClose)

  320.         {

  321.             $this->Open(FALSE);

  322.             $dsqli->isClose = FALSE;

  323.         }

  324.         if(!empty($sql))

  325.         {

  326.             $this->SetQuery($sql);

  327.         }

  328.         //SQL语句安全检查

  329.         if($this->safeCheck)

  330.         {

  331.             CheckSql($this->queryString);

  332.         }

  333. 

  334.         $t1 = ExecTime();

  335.         //var_dump($this->queryString);

  336.         $this->result[$id] = mysqli_query($this->linkID, $this->queryString);

  337. 		//var_dump(mysql_error());

  338. 

  339.         //查询性能测试

  340.         if($this->recordLog) {

  341. 			$queryTime = ExecTime() - $t1;

  342.             $this->RecordLog($queryTime);

  343.             //echo $this->queryString."--{$queryTime}<hr />\r\n";

  344.         }

  345.         if (DEBUG_LEVEL===TRUE) {

  346.             $queryTime = ExecTime() - $t1;

  347.             echo "<div style='width:98%;margin:1rem auto;color: #155724;background-color: #d4edda;border-color: #c3e6cb;position: relative;padding: .75rem 1.25rem;border: 1px solid transparent;border-radius: .25rem;'>执行SQL:".$this->queryString.",执行时间:<b>{$queryTime}</b></div>\r\n";

  348.         }

  349. 

  350.         if($this->result[$id]===FALSE)

  351.         {

  352.             $this->DisplayError(mysqli_error($this->linkID)." <br />Error sql: <font color='red'>".$this->queryString."</font>");

  353.         }

  354.     }

  355. 

  356.     function Query($id="me",$sql='')

  357.     {

  358.         $this->Execute($id,$sql);

  359.     }

  360. 

  361.     //执行一个SQL语句,返回前一条记录或仅返回一条记录

  362.     function GetOne($sql='',$acctype=MYSQLI_ASSOC)

  363.     {

  364.         global $dsqli;

  365.         // $t1 = ExecTime();

  366. 		if(!$dsqli->isInit)

  367. 		{

  368. 			$this->Init($this->pconnect);

  369.         }

  370.         // echo ExecTime() - $t1;

  371.         if($dsqli->isClose)

  372.         {

  373.             $this->Open(FALSE);

  374.             $dsqli->isClose = FALSE;

  375.         }

  376.         

  377.         if(!empty($sql))

  378.         {

  379.             if(!preg_match("/LIMIT/i",$sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql))." LIMIT 0,1;");

  380.             else $this->SetQuery($sql);

  381.         }

  382.         $this->Execute("one");

  383.         $arr = $this->GetArray("one", $acctype);

  384.         if(!is_array($arr))

  385.         {

  386.             return '';

  387.         }

  388.         else

  389.         {

  390.             @mysqli_free_result($this->result["one"]); return($arr);

  391.         }

  392.     }

  393. 

  394.     //执行一个不与任何表名有关的SQL语句,Create等

  395.     function ExecuteSafeQuery($sql,$id="me")

  396.     {

  397.         global $dsqli;

  398. 		if(!$dsqli->isInit)

  399. 		{

  400. 			$this->Init($this->pconnect);

  401. 		}

  402.         if($dsqli->isClose)

  403.         {

  404.             $this->Open(FALSE);

  405.             $dsqli->isClose = FALSE;

  406.         }

  407.         $this->result[$id] = @mysqli_query($sql,$this->linkID);

  408.     }

  409. 

  410.     //返回当前的一条记录并把游标移向下一记录

  411.     // MYSQLI_ASSOC、MYSQLI_NUM、MYSQLI_BOTH

  412.     function GetArray($id="me",$acctype=MYSQLI_ASSOC)

  413.     {

  414.         // var_dump($this->result);

  415.         if($this->result[$id]===0)

  416.         {

  417.             return FALSE;

  418.         }

  419.         else

  420.         {

  421.             return @mysqli_fetch_array($this->result[$id], $acctype);

  422.         }

  423.     }

  424. 

  425.     function GetObject($id="me")

  426.     {

  427.         if($this->result[$id]===0)

  428.         {

  429.             return FALSE;

  430.         }

  431.         else

  432.         {

  433.             return mysqli_fetch_object($this->result[$id]);

  434.         }

  435.     }

  436. 

  437.     // 检测是否存在某数据表

  438.     function IsTable($tbname)

  439.     {

  440.         global $dsqli;

  441. 		if(!$dsqli->isInit)

  442. 		{

  443. 			$this->Init($this->pconnect);

  444. 		}

  445.         $prefix="#@__";

  446.         $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);

  447.         if( mysqli_num_rows( @mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'")))

  448.         {

  449.             return TRUE;

  450.         }

  451.         return FALSE;

  452.     }

  453. 

  454.     //获得MySql的版本号

  455.     function GetVersion($isformat=TRUE)

  456.     {

  457.         global $dsqli;

  458. 		if(!$dsqli->isInit)

  459. 		{

  460. 			$this->Init($this->pconnect);

  461. 		}

  462.         if($dsqli->isClose)

  463.         {

  464.             $this->Open(FALSE);

  465.             $dsqli->isClose = FALSE;

  466.         }

  467.         $rs = mysqli_query($this->linkID, "SELECT VERSION();");

  468.         $row = mysqli_fetch_array($rs);

  469.         $mysql_version = $row[0];

  470.         mysqli_free_result($rs);

  471.         if($isformat)

  472.         {

  473.             $mysql_versions = explode(".",trim($mysql_version));

  474.             $mysql_version = number_format($mysql_versions[0].".".$mysql_versions[1],2);

  475.         }

  476.         return $mysql_version;

  477.     }

  478. 

  479.     //获取特定表的信息

  480.     function GetTableFields($tbname, $id="me")

  481.     {

  482. 		global $dsqli;

  483. 		if(!$dsqli->isInit)

  484. 		{

  485. 			$this->Init($this->pconnect);

  486. 		}

  487.         $prefix="#@__";

  488.         $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);

  489.         $query = "SELECT * FROM {$tbname} LIMIT 0,1";

  490.         $this->result[$id] = mysqli_query($this->linkID, $query);

  491.     }

  492. 

  493.     //获取字段详细信息

  494.     function GetFieldObject($id="me")

  495.     {

  496.         return mysqli_fetch_field($this->result[$id]);

  497.     }

  498. 

  499.     //获得查询的总记录数

  500.     function GetTotalRow($id="me")

  501.     {

  502.         if($this->result[$id]===0)

  503.         {

  504.             return -1;

  505.         }

  506.         else

  507.         {

  508.             return @mysqli_num_rows($this->result[$id]);

  509.         }

  510.     }

  511. 

  512.     //获取上一步INSERT操作产生的ID

  513.     function GetLastID()

  514.     {

  515.         //如果 AUTO_INCREMENT 的列的类型是 BIGINT,则 mysqli_insert_id() 返回的值将不正确。

  516.         //可以在 SQL 查询中用 MySQL 内部的 SQL 函数 LAST_INSERT_ID() 来替代。

  517.         //$rs = mysqli_query($this->linkID, "Select LAST_INSERT_ID() as lid");

  518.         //$row = mysqli_fetch_array($rs);

  519.         //return $row["lid"];

  520.         return mysqli_insert_id($this->linkID);

  521.     }

  522. 

  523.     //释放记录集占用的资源

  524.     function FreeResult($id="me")

  525.     {

  526.         @mysqli_free_result($this->result[$id]);

  527.     }

  528.     function FreeResultAll()

  529.     {

  530.         if(!is_array($this->result))

  531.         {

  532.             return '';

  533.         }

  534.         foreach($this->result as $kk => $vv)

  535.         {

  536.             if($vv)

  537.             {

  538.                 @mysqli_free_result($vv);

  539.             }

  540.         }

  541.     }

  542. 

  543.     //设置SQL语句,会自动把SQL语句里的#@__替换为$this->dbPrefix(在配置文件中为$cfg_dbprefix)

  544.     function SetQuery($sql)

  545.     {

  546.         $prefix="#@__";

  547.         $sql = str_replace($prefix,$GLOBALS['cfg_dbprefix'],$sql);

  548.         $this->queryString = $sql;

  549.     }

  550. 

  551.     function SetSql($sql)

  552.     {

  553.         $this->SetQuery($sql);

  554.     }

  555. 

  556. 	function RecordLog($runtime=0)

  557. 	{

  558. 		$RecordLogFile = dirname(__FILE__).'/../data/mysqli_record_log.inc';

  559. 		$url = $this->GetCurUrl();

  560. 		$savemsg = <<<EOT

  561. 

  562. ------------------------------------------

  563. SQL:{$this->queryString}

  564. Page:$url

  565. Runtime:$runtime

  566. EOT;

  567.         $fp = @fopen($RecordLogFile, 'a');

  568.         @fwrite($fp, $savemsg);

  569.         @fclose($fp);

  570. 	}

  571. 

  572.     //显示数据链接错误信息

  573.     function DisplayError($msg)

  574.     {

  575.         $errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';

  576.         if( file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php') )

  577.         {

  578.             @unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');

  579.         }

  580. 		if($this->showError)

  581. 		{

  582. 			$emsg = '';

  583. 			$emsg .= "<div><h3>DedeCMS Error Warning!</h3>\r\n";

  584. 			$emsg .= "<div><a href='http://bbs.dedecms.com' target='_blank' style='color:red'>Technical Support: http://bbs.dedecms.com</a></div>";

  585. 			$emsg .= "<div style='line-helght:160%;font-size:14px;color:green'>\r\n";

  586. 			$emsg .= "<div style='color:blue'><br />Error page: <font color='red'>".$this->GetCurUrl()."</font></div>\r\n";

  587. 			$emsg .= "<div>Error infos: {$msg}</div>\r\n";

  588. 			$emsg .= "<br /></div></div>\r\n";

  589. 

  590. 			echo $emsg;

  591. 		}

  592. 

  593.         $savemsg = 'Page: '.$this->GetCurUrl()."\r\nError: ".$msg."\r\nTime".date('Y-m-d H:i:s');

  594.         //保存MySql错误日志

  595.         $fp = @fopen($errorTrackFile, 'a');

  596.         @fwrite($fp, '<'.'?php  exit();'."\r\n/*\r\n{$savemsg}\r\n*/\r\n?".">\r\n");

  597.         @fclose($fp);

  598.     }

  599. 

  600.     //获得当前的脚本网址

  601.     function GetCurUrl()

  602.     {

  603.         if(!empty($_SERVER["REQUEST_URI"]))

  604.         {

  605.             $scriptName = $_SERVER["REQUEST_URI"];

  606.             $nowurl = $scriptName;

  607.         }

  608.         else

  609.         {

  610.             $scriptName = $_SERVER["PHP_SELF"];

  611.             if(empty($_SERVER["QUERY_STRING"])) {

  612.                 $nowurl = $scriptName;

  613.             }

  614.             else {

  615.                 $nowurl = $scriptName."?".$_SERVER["QUERY_STRING"];

  616.             }

  617.         }

  618.         return $nowurl;

  619.     }

  620. 

  621. }

  622. 

  623. //复制一个对象副本

  624. function CopySQLiPoint(&$ndsql)

  625. {

  626.     $GLOBALS['dsqli'] = $ndsql;

  627. }

  628. 

  629. //SQL语句过滤程序,由80sec提供,这里作了适当的修改

  630. if (!function_exists('CheckSql'))

  631. {

  632.     function CheckSql($db_string,$querytype='select')

  633.     {

  634.         global $cfg_cookie_encode;

  635.         $clean = '';

  636.         $error='';

  637.         $old_pos = 0;

  638.         $pos = -1;

  639.         $log_file = DEDEINC.'/../data/'.md5($cfg_cookie_encode).'_safe.txt';

  640.         $userIP = GetIP();

  641.         $getUrl = GetCurUrl();

  642. 

  643.         //如果是普通查询语句,直接过滤一些特殊语法

  644.         if($querytype=='select')

  645.         {

  646.             $notallow1 = "[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}";

  647. 

  648.             //$notallow2 = "--|/\*";

  649.             if(preg_match("/".$notallow1."/i", $db_string))

  650.             {

  651.                 fputs(fopen($log_file,'a+'),"$userIP||$getUrl||$db_string||SelectBreak\r\n");

  652.                 exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");

  653.             }

  654.         }

  655. 

  656.         //完整的SQL检查

  657.         while (TRUE)

  658.         {

  659.             $pos = strpos($db_string, '\'', $pos + 1);

  660.             if ($pos === FALSE)

  661.             {

  662.                 break;

  663.             }

  664.             $clean .= substr($db_string, $old_pos, $pos - $old_pos);

  665.             while (TRUE)

  666.             {

  667.                 $pos1 = strpos($db_string, '\'', $pos + 1);

  668.                 $pos2 = strpos($db_string, '\\', $pos + 1);

  669.                 if ($pos1 === FALSE)

  670.                 {

  671.                     break;

  672.                 }

  673.                 elseif ($pos2 == FALSE || $pos2 > $pos1)

  674.                 {

  675.                     $pos = $pos1;

  676.                     break;

  677.                 }

  678.                 $pos = $pos2 + 1;

  679.             }

  680.             $clean .= '$s$';

  681.             $old_pos = $pos + 1;

  682.         }

  683.         $clean .= substr($db_string, $old_pos);

  684.         $clean = trim(strtolower(preg_replace(array('~\s+~s' ), array(' '), $clean)));

  685. 

  686.         if (strpos($clean, '@') !== FALSE  OR strpos($clean,'char(')!== FALSE OR strpos($clean,'"')!== FALSE

  687.         OR strpos($clean,'$s$$s$')!== FALSE)

  688.         {

  689.             $fail = TRUE;

  690.             if(preg_match("#^create table#i",$clean)) $fail = FALSE;

  691.             $error="unusual character";

  692.         }

  693. 

  694.         //老版本的Mysql并不支持union,常用的程序里也不使用union,但是一些黑客使用它,所以检查它

  695.         if (strpos($clean, 'union') !== FALSE && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0)

  696.         {

  697.             $fail = TRUE;

  698.             $error="union detect";

  699.         }

  700. 

  701.         //发布版本的程序可能比较少包括--,#这样的注释,但是黑客经常使用它们

  702.         elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== FALSE || strpos($clean, '#') !== FALSE)

  703.         {

  704.             $fail = TRUE;

  705.             $error="comment detect";

  706.         }

  707. 

  708.         //这些函数不会被使用,但是黑客会用它来操作文件,down掉数据库

  709.         elseif (strpos($clean, 'sleep') !== FALSE && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0)

  710.         {

  711.             $fail = TRUE;

  712.             $error="slown down detect";

  713.         }

  714.         elseif (strpos($clean, 'benchmark') !== FALSE && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0)

  715.         {

  716.             $fail = TRUE;

  717.             $error="slown down detect";

  718.         }

  719.         elseif (strpos($clean, 'load_file') !== FALSE && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0)

  720.         {

  721.             $fail = TRUE;

  722.             $error="file fun detect";

  723.         }

  724.         elseif (strpos($clean, 'into outfile') !== FALSE && preg_match('~(^|[^a-z])into\s+outfile($|[^[a-z])~s', $clean) != 0)

  725.         {

  726.             $fail = TRUE;

  727.             $error="file fun detect";

  728.         }

  729. 

  730.         //老版本的MYSQL不支持子查询,我们的程序里可能也用得少,但是黑客可以使用它来查询数据库敏感信息

  731.         elseif (preg_match('~\([^)]*?select~s', $clean) != 0)

  732.         {

  733.             $fail = TRUE;

  734.             $error="sub select detect";

  735.         }

  736.         if (!empty($fail))

  737.         {

  738.             fputs(fopen($log_file,'a+'),"$userIP||$getUrl||$db_string||$error\r\n");

  739.             exit("<font size='5' color='red'>Safe Alert: Request Error step 2!</font>");

  740.         }

  741.         else

  742.         {

  743.             return $db_string;

  744.         }

  745.     }

  746. }