
PHP object-oriented class code for a database login

PHP 水墨上仙 1509 views


Implementation of the class in db_class.php:

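<?php
// The mysql_* functions used here belong to the ext/mysql extension,
// which was deprecated in PHP 5.5 and removed in PHP 7.0.
class dbclass
{
    public $connection; // link identifier returned by mysql_connect()
    public $result;     // result resource of the last query
    public $fetch_num;  // number of rows in the last result

    // Connect to the MySQL server; abort the script on failure.
    function connect_db($host, $user, $password)
    {
        if (($this->connection = mysql_connect($host, $user, $password)) == FALSE)
        {
            die("Cannot connect to the database. Error code: " . mysql_error());
        }
    }

    // Select the working database on the given connection.
    function select_db($dbname, $connection)
    {
        if (mysql_select_db($dbname, $connection) == FALSE)
        {
            die("Cannot select the database. Error code: " . mysql_error());
        }
    }

    // Run a query on this object's connection and keep the result.
    function db_query($sql)
    {
        $result = mysql_query($sql, $this->connection);
        if ($result == FALSE) {
            die("mysql_query execute error. Error code: " . mysql_error());
        }
        $this->result = $result;
    }

    // Store the number of rows contained in $result.
    function fetch_num($result)
    {
        $this->fetch_num = mysql_num_rows($result);
    }
}
?>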

Login verification: login.php

<?php session_start(); ?>
<?php
    require_once("config.php");
    require_once("db_class.php"); // the class file shown above
    if (count($_POST) > 0)
        if (isset($_POST["username"]) && isset($_POST["password"])) {
            $my_db_class = new dbclass();
            $my_db_class->connect_db(HOST, USER, PASSWD);
            $my_db_class->select_db(DB, $my_db_class->connection);
            // Escape both values before they are placed inside the quoted SQL literals.
            $sql = sprintf("SELECT * FROM users WHERE user_name = '%s' AND user_pwd = '%s'", mysql_real_escape_string($_POST["username"]), mysql_real_escape_string($_POST["password"]));
            $my_db_class->db_query($sql);
            $my_db_class->fetch_num($my_db_class->result);
            if ($my_db_class->fetch_num == 1)
            {
                // Issue a fresh session ID on login so a pre-set ID cannot be reused.
                session_regenerate_id(true);
                $_SESSION["YES"] = TRUE;
                $host = $_SERVER["HTTP_HOST"];
                $path = dirname($_SERVER["PHP_SELF"]);
                header("Location:http://$host$path/home.php");
                exit; // stop here so the form below is not sent after the redirect
            }
        }
?>
<html>
    <head>
        <title>Login web</title>
    </head>
    <body>
    <?php if (count($_POST) > 0) echo "Invalid_login"; ?>
    <?php // htmlspecialchars() keeps PHP_SELF and the echoed username from injecting markup ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES); ?>">
        <table>
            <tr>
                <td>Username:</td>
                <td><input type="text" name="username" value="<?php echo isset($_POST["username"]) ? htmlspecialchars($_POST["username"], ENT_QUOTES) : ""; ?>"/></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="password"/></td>
            </tr>
            <tr>
                <td><input type="submit" value="Submit"/></td>
            </tr>
        </table>
    </form>
    </body>
</html>

There are a few points to note here:

    1. Creating an instance of the class: $my_db_class = new dbclass()

    2. Accessing the properties or methods of the class: $my_db_class->result (property), $my_db_class->connect_db(HOST,USER,PASSWD) (method);

    3. Preventing SQL injection when querying the database: $sql = sprintf("SELECT * FROM users WHERE user_name = '%s' AND user_pwd = '%s'", mysql_real_escape_string($_POST["username"]), mysql_real_escape_string($_POST["password"]))

Note:

    From a security standpoint, we do not run the query, fetch a row into a hash table (associative array) $row, and then compare it with username and password, that is:

    if (($row["user_name"] == $_POST["username"]) && ($row["user_pwd"] == $_POST["password"]))
    {
        // do something
    } else {
        // do something
    }

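    With the comparison used in our code, the username and password are compared inside MySQL, where the comparison cannot be seen from outside, which increases the security of the access.

    For more security we usually encrypt the password. The PASSWORD() function can be used for this, but note that PASSWORD() is a hash and its security is not high: what we see in MySQL is a long string of characters (it is still ASCII), and it can be cracked quite easily by certain methods.

    As users, we also do not want the database's back-end administrators to see our passwords. We can use AES_ENCRYPT($ness, $method), where $ness specifies the password to encrypt and $method is the key; here we usually use "secret". Encrypted this way, even the back-end administrators cannot see my actual password. The database design also needs some changes: when the password is stored unencrypted or encrypted with PASSWORD(), the user_pwd field remains of type VARCHAR, but when AES_ENCRYPT() is used the data type of the user_pwd field must be set to VARBINARY, because the encrypted value is binary and what you finally see is unreadable.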
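The login check from this post rewritten for current PHP, as an added example that is not the original author's code: a PDO prepared statement takes the place of sprintf() with mysql_real_escape_string(), and password_hash()/password_verify() take the place of PASSWORD() and AES_ENCRYPT(). It assumes PHP 7.1+ with pdo_sqlite (an in-memory SQLite database stands in for MySQL); check_login(), DUMMY_HASH and the sample credentials are constructed for illustration.

```php
<?php
// Added example, not the original author's code. Assumes PHP 7.1+ with pdo_sqlite;
// check_login() and DUMMY_HASH are hypothetical names, credentials are constructed.

// Hash verified against when the user name is unknown, so both paths cost the same.
define('DUMMY_HASH', password_hash('constructed-dummy', PASSWORD_DEFAULT));

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder is bound by the driver: input never becomes SQL text,
    // so no escaping function and no sprintf() are involved.
    $stmt = $pdo->prepare('SELECT user_pwd FROM users WHERE user_name = :name');
    $stmt->execute([':name' => $username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The submitted password never reaches the database; PHP checks it
    // against the salted one-way hash stored in user_pwd.
    return password_verify($password, $hash);
}

// In-memory SQLite stands in for MySQL; with MySQL the DSN and credentials
// change and user_pwd would be VARCHAR(255).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pwd TEXT NOT NULL)');

// Registration: store a salted hash, never the password or a reversible ciphertext.
$insert = $pdo->prepare('INSERT INTO users (user_name, user_pwd) VALUES (?, ?)');
$insert->execute(['alice', password_hash('constructed-pass-1', PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'constructed-pass-1'],   // valid pair
    ['alice', 'wrong-password'],       // wrong password
    ["alice' OR '1'='1", 'anything'],  // quote characters are treated as data
    ['nobody', 'anything'],            // unknown user
];
foreach ($cases as [$user, $pass]) {
    printf("%-20s %s\n", $user, check_login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```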

    All right, the main point here is still to introduce the object-oriented approach of PHP5.

