Anscheinend kein guter
So etwas musst du per Prepared Statement ausführen und am besten zusätzlich alle Eingaben serverseitig validieren.
Mit freundlichen Grüßen
Leon Kahler // Sergej K.
Edit: Der Beitrag ist auch schon etwas älter.
Danke für diese Komplimente.
Hier geht es gerade nicht um Schönheit, Performance und Sicherheit, sondern ums Prinzip.
So könnte man es ja einem Neuling zeigen, dann blickt er gar nicht mehr durch.. aber gut.. xD
Um mal zu zeigen, wie es im großen Stil aussieht:
Datenbankklasse
<?php
namespace Components;
use Model\DBResult;
/**
* Db short summary.
*
* Db description.
*
* @version 1.0
* @author waack
*/
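class Db
{
    /**
     * The single mysqli connection, opened once by the private constructor.
     *
     * @var \mysqli
     */
    private $_connection;

    /**
     * Lazily created singleton, see getInstance().
     *
     * @var Db
     */
    private static $_instance;

    /**
     * Auto-increment id produced by the last INSERT/REPLACE passed to run();
     * null after any other statement and before the first query.
     *
     * @var int|null
     */
    public $lastId;

    /**
     * mysqli error text of the last prepare()/execute() failure inside run().
     *
     * @var string|null
     */
    public $lastErr;

    /**
     * Returns the shared Db instance, connecting on first use.
     *
     * @return Db
     */
    public static function getInstance()
    {
        if (!self::$_instance) {
            self::$_instance = new self();
        }
        return self::$_instance;
    }

    /**
     * Opens the connection. Private: obtain the instance via getInstance().
     *
     * The original message concatenated the undefined constant \mysql_error,
     * which raises its own error instead of reporting the MySQL one; the
     * real connect error text is used now. NOTE(review): on newer mysqli
     * default error modes the constructor may throw before this check runs.
     */
    private function __construct()
    {
        $this->_connection = $this->open_connection();
        if (\mysqli_connect_errno()) {
            trigger_error("Failed to connect to MySQL: " . \mysqli_connect_error());
        }
    }

    /**
     * Kills the server-side thread of $db and closes the connection.
     *
     * @param \mysqli $db connection to close
     * @return void
     */
    public function close_connection(\mysqli $db)
    {
        // The parameter type already guarantees an object; the former
        // is_object() guard could never be false.
        $db->kill($db->thread_id);
        $db->close();
    }

    /**
     * Opens a new mysqli connection from the DB_* constants.
     *
     * NOTE(review): the connection charset is "utf8" (3-byte), while the
     * players.aliases column is documented as utf8mb4 in the model; 4-byte
     * characters sent over this connection may be rejected or replaced.
     * Switching to "utf8mb4" affects stored data and is left to the maintainer.
     *
     * @return \mysqli
     */
    public function open_connection()
    {
        $db = new \mysqli(DB_HOST, DB_USER, DB_PASSW, DB_NAME, DB_PORT);
        if (!$db->set_charset("utf8")) {
            debug("ERROR set utf8");
        }
        return $db;
    }

    /**
     * Cloning the singleton is not allowed.
     */
    private function __clone()
    {
    }

    /**
     * @return \mysqli the live connection
     */
    public function getConnection()
    {
        return $this->_connection;
    }

    /**
     * Starts a transaction on the shared connection.
     *
     * @return void
     */
    public static function beginTransaction()
    {
        self::getInstance()->getConnection()->begin_transaction();
    }

    /**
     * Commits the current transaction on the shared connection.
     *
     * @return void
     */
    public static function commit()
    {
        self::getInstance()->getConnection()->commit();
    }

    /**
     * Rolls back the current transaction on the shared connection.
     *
     * @return void
     */
    public static function rollback()
    {
        self::getInstance()->getConnection()->rollback();
    }

    /**
     * Prepares and executes $sql on the shared connection.
     *
     * $sql is a developer-written statement template: every "%P" (case-
     * insensitive) is replaced with DB_PREFIX before preparing, and each value
     * of $args is bound to a "?" placeholder via bind_param (strings as 's',
     * floats as 'd', everything else as 'i'). Values are never concatenated
     * into the SQL text, so only $args may carry untrusted input — $sql itself
     * must not be built from request data.
     *
     * On a prepare or execute failure the returned DBResult has the mysqli
     * error in ->err (also stored in $this->lastErr) and no ->result; the error
     * and a backtrace are handed to debug(). ->err reveals schema details and
     * should not be shown to end users.
     *
     * @param string     $sql  statement with optional %P prefix and ? placeholders
     * @param array|null $args values for the placeholders, in order (keys ignored)
     * @return DBResult
     */
    public static function run($sql, $args = null)
    {
        $sql = preg_replace("/%P/i", DB_PREFIX, $sql);
        $retVal = new DBResult();
        $retVal->sql = $sql;
        $db = Db::getInstance();
        $con = $db->getConnection();

        $stmt = $con->prepare($sql);
        if (!$stmt) {
            return self::failWith($db, $retVal, $con->error, $sql);
        }

        // An empty array used to reach bind_param with no variables; skip binding.
        if ($args !== null && count($args) > 0) {
            // Re-index so associative or sparse arrays bind in iteration order
            // instead of producing undefined-offset nulls.
            $values = array_values($args);
            $types = '';
            foreach ($values as $val) {
                $types .= self::bindType($val);
            }
            // Argument unpacking hands the array elements over by reference,
            // which is what bind_param requires; this replaces the former
            // call_user_func_array + getReferences() construction.
            if (!$stmt->bind_param($types, ...$values)) {
                $stmt->close();
                $retVal->result = null;
                $retVal->err = "Error on bind_param";
                return $retVal;
            }
        }

        if (!$stmt->execute()) {
            // Statement-level errors are reported on $stmt->error; $con->error
            // (which the original read here) may be empty at this point.
            $error = $stmt->error;
            $stmt->close();
            return self::failWith($db, $retVal, $error, $sql);
        }

        $result = $stmt->get_result();
        $db->lastId = self::isInsertLike($sql) ? $con->insert_id : null;
        $stmt->close();

        $retVal->result = $result;
        $retVal->lastId = $db->lastId;
        return $retVal;
    }

    /**
     * Maps a PHP value to a mysqli bind_param type character.
     *
     * @param mixed $val
     * @return string 's' for strings, 'd' for floats, 'i' otherwise (ints, bools, null)
     */
    private static function bindType($val)
    {
        switch (gettype($val)) {
            case 'string':
                return 's';
            case 'double':
                // Formerly bound as 'i', which truncated the fractional part.
                return 'd';
            default:
                return 'i';
        }
    }

    /**
     * True when the statement starts with INSERT or REPLACE (case-insensitive,
     * leading whitespace ignored) — the only statements with an insert_id.
     *
     * @param string $sql
     * @return bool
     */
    private static function isInsertLike($sql)
    {
        $head = strtolower(trim($sql));
        return strpos($head, 'insert') === 0 || strpos($head, 'replace') === 0;
    }

    /**
     * Records a failed prepare()/execute() on $retVal and on the instance,
     * reports it through debug() and returns $retVal for the caller to hand back.
     *
     * @param Db       $db     instance whose lastErr is updated
     * @param DBResult $retVal result to annotate
     * @param string   $error  mysqli error text
     * @param string   $sql    the prefix-substituted statement
     * @return DBResult
     */
    private static function failWith(Db $db, DBResult $retVal, $error, $sql)
    {
        $retVal->err = $error;
        $db->lastErr = $error;
        debug($error);
        debug($sql);
        // Arguments are dropped from the trace so bound values (possibly
        // credentials or personal data) do not end up in debug output.
        $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
        debug($trace);
        // Frame 0 is this helper, frame 1 is run(); its file/line point at
        // run()'s caller, which is what the inlined code used to report.
        if (isset($trace[1]['file'], $trace[1]['line'])) {
            debug($trace[1]['file'] . ' on Line ' . $trace[1]['line']);
        }
        return $retVal;
    }

    /**
     * Builds an array of references to the elements of $arr.
     *
     * No longer used by run() (argument unpacking binds by reference); kept
     * for subclasses that may still call it.
     *
     * @param array $arr
     * @return array
     */
    protected function getReferences(array &$arr)
    {
        $refs = array();
        foreach ($arr as $key => $value) {
            $refs[$key] = &$arr[$key];
        }
        return $refs;
    }
}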
Model:
<?php
namespace Model;
class Spieler extends \Components\MBase
{
    /** @var string table this model maps to (presumably consumed by MBase — confirm) */
    protected $_table = 'players';

    /** @var integer user id */
    protected $uid;

    /** @var string user name */
    protected $name;

    /**
     * @var string user aliases
     *
     * Schema note carried over from the original source:
     * ALTER TABLE `players` CHANGE `aliases` `aliases` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL;
     */
    protected $aliases = "";

    /** @var string player id */
    protected $pid;

    /** @var integer cash */
    protected $cash;

    /** @var integer bank account balance */
    protected $bankacc;

    /** @var integer cop level */
    protected $coplevel;

    /** @var integer medic level */
    protected $mediclevel;

    /** @var string civilian licenses */
    protected $civ_licenses;

    /** @var string cop licenses */
    protected $cop_licenses;

    /** @var string medic licenses */
    protected $med_licenses;

    /** @var string civilian gear */
    protected $civ_gear;

    /** @var string cop gear */
    protected $cop_gear;

    /** @var string medic gear */
    protected $med_gear;

    /** @var string civilian player status */
    protected $civ_stats;

    /** @var string cop player status */
    protected $cop_stats;

    /** @var string medic player status */
    protected $med_stats;

    /** @var integer arrested flag */
    protected $arrested;

    /** @var integer admin level */
    protected $adminlevel;

    /** @var integer donator level */
    protected $donorlevel;

    /** @var integer blacklist / ban flag */
    protected $blacklist;

    /** @var integer alive flag */
    protected $civ_alive;

    /** @var string player position */
    protected $civ_position;

    /** @var string playtime */
    protected $playtime;

    /** @var integer first join */
    protected $insert_time;

    /** @var integer last join */
    protected $last_seen;

    // Accessors follow in property order. Setters typed `string` in the
    // original keep that declaration; integer setters stay untyped.

    /**
     * @return integer user id
     */
    public function getUid()
    {
        return $this->uid;
    }

    /**
     * @param integer $uid user id
     * @return self
     */
    public function setUid($uid)
    {
        $this->uid = $uid;

        return $this;
    }

    /**
     * @return string user name
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * @param string $name user name
     * @return self
     */
    public function setName(string $name)
    {
        $this->name = $name;

        return $this;
    }

    /**
     * @return string user aliases
     */
    public function getAliases()
    {
        return $this->aliases;
    }

    /**
     * @param string $aliases user aliases
     * @return self
     */
    public function setAliases(string $aliases)
    {
        $this->aliases = $aliases;

        return $this;
    }

    /**
     * @return string player id
     */
    public function getPid()
    {
        return $this->pid;
    }

    /**
     * @param string $pid player id
     * @return self
     */
    public function setPid(string $pid)
    {
        $this->pid = $pid;

        return $this;
    }

    /**
     * @return integer cash
     */
    public function getCash()
    {
        return $this->cash;
    }

    /**
     * @param integer $cash cash
     * @return self
     */
    public function setCash($cash)
    {
        $this->cash = $cash;

        return $this;
    }

    /**
     * @return integer bank account balance
     */
    public function getBankacc()
    {
        return $this->bankacc;
    }

    /**
     * @param integer $bankacc bank account balance
     * @return self
     */
    public function setBankacc($bankacc)
    {
        $this->bankacc = $bankacc;

        return $this;
    }

    /**
     * @return integer cop level
     */
    public function getCoplevel()
    {
        return $this->coplevel;
    }

    /**
     * @param integer $coplevel cop level
     * @return self
     */
    public function setCoplevel($coplevel)
    {
        $this->coplevel = $coplevel;

        return $this;
    }

    /**
     * @return integer medic level
     */
    public function getMediclevel()
    {
        return $this->mediclevel;
    }

    /**
     * @param integer $mediclevel medic level
     * @return self
     */
    public function setMediclevel($mediclevel)
    {
        $this->mediclevel = $mediclevel;

        return $this;
    }

    /**
     * @return string civilian licenses
     */
    public function getCiv_licenses()
    {
        return $this->civ_licenses;
    }

    /**
     * @param string $civ_licenses civilian licenses
     * @return self
     */
    public function setCiv_licenses(string $civ_licenses)
    {
        $this->civ_licenses = $civ_licenses;

        return $this;
    }

    /**
     * @return string cop licenses
     */
    public function getCop_licenses()
    {
        return $this->cop_licenses;
    }

    /**
     * @param string $cop_licenses cop licenses
     * @return self
     */
    public function setCop_licenses(string $cop_licenses)
    {
        $this->cop_licenses = $cop_licenses;

        return $this;
    }

    /**
     * @return string medic licenses
     */
    public function getMed_licenses()
    {
        return $this->med_licenses;
    }

    /**
     * @param string $med_licenses medic licenses
     * @return self
     */
    public function setMed_licenses(string $med_licenses)
    {
        $this->med_licenses = $med_licenses;

        return $this;
    }

    /**
     * @return string civilian gear
     */
    public function getCiv_gear()
    {
        return $this->civ_gear;
    }

    /**
     * @param string $civ_gear civilian gear
     * @return self
     */
    public function setCiv_gear(string $civ_gear)
    {
        $this->civ_gear = $civ_gear;

        return $this;
    }

    /**
     * @return string cop gear
     */
    public function getCop_gear()
    {
        return $this->cop_gear;
    }

    /**
     * @param string $cop_gear cop gear
     * @return self
     */
    public function setCop_gear(string $cop_gear)
    {
        $this->cop_gear = $cop_gear;

        return $this;
    }

    /**
     * @return string medic gear
     */
    public function getMed_gear()
    {
        return $this->med_gear;
    }

    /**
     * @param string $med_gear medic gear
     * @return self
     */
    public function setMed_gear(string $med_gear)
    {
        $this->med_gear = $med_gear;

        return $this;
    }

    /**
     * @return string civilian player status
     */
    public function getCiv_stats()
    {
        return $this->civ_stats;
    }

    /**
     * @param string $civ_stats civilian player status
     * @return self
     */
    public function setCiv_stats(string $civ_stats)
    {
        $this->civ_stats = $civ_stats;

        return $this;
    }

    /**
     * @return string cop player status
     */
    public function getCop_stats()
    {
        return $this->cop_stats;
    }

    /**
     * @param string $cop_stats cop player status
     * @return self
     */
    public function setCop_stats(string $cop_stats)
    {
        $this->cop_stats = $cop_stats;

        return $this;
    }

    /**
     * @return string medic player status
     */
    public function getMed_stats()
    {
        return $this->med_stats;
    }

    /**
     * @param string $med_stats medic player status
     * @return self
     */
    public function setMed_stats(string $med_stats)
    {
        $this->med_stats = $med_stats;

        return $this;
    }

    /**
     * @return integer arrested flag
     */
    public function getArrested()
    {
        return $this->arrested;
    }

    /**
     * @param integer $arrested arrested flag
     * @return self
     */
    public function setArrested($arrested)
    {
        $this->arrested = $arrested;

        return $this;
    }

    /**
     * @return integer admin level
     */
    public function getAdminlevel()
    {
        return $this->adminlevel;
    }

    /**
     * @param integer $adminlevel admin level
     * @return self
     */
    public function setAdminlevel($adminlevel)
    {
        $this->adminlevel = $adminlevel;

        return $this;
    }

    /**
     * @return integer donator level
     */
    public function getDonorlevel()
    {
        return $this->donorlevel;
    }

    /**
     * @param integer $donorlevel donator level
     * @return self
     */
    public function setDonorlevel($donorlevel)
    {
        $this->donorlevel = $donorlevel;

        return $this;
    }

    /**
     * @return integer blacklist / ban flag
     */
    public function getBlacklist()
    {
        return $this->blacklist;
    }

    /**
     * @param integer $blacklist blacklist / ban flag
     * @return self
     */
    public function setBlacklist($blacklist)
    {
        $this->blacklist = $blacklist;

        return $this;
    }

    /**
     * @return integer alive flag
     */
    public function getCiv_alive()
    {
        return $this->civ_alive;
    }

    /**
     * @param integer $civ_alive alive flag
     * @return self
     */
    public function setCiv_alive($civ_alive)
    {
        $this->civ_alive = $civ_alive;

        return $this;
    }

    /**
     * @return string player position
     */
    public function getCiv_position()
    {
        return $this->civ_position;
    }

    /**
     * @param string $civ_position player position
     * @return self
     */
    public function setCiv_position(string $civ_position)
    {
        $this->civ_position = $civ_position;

        return $this;
    }

    /**
     * @return string playtime
     */
    public function getPlaytime()
    {
        return $this->playtime;
    }

    /**
     * @param string $playtime playtime
     * @return self
     */
    public function setPlaytime(string $playtime)
    {
        $this->playtime = $playtime;

        return $this;
    }

    /**
     * @return integer first join
     */
    public function getInsert_time()
    {
        return $this->insert_time;
    }

    /**
     * @param integer $insert_time first join
     * @return self
     */
    public function setInsert_time($insert_time)
    {
        $this->insert_time = $insert_time;

        return $this;
    }

    /**
     * @return integer last join
     */
    public function getLast_seen()
    {
        return $this->last_seen;
    }

    /**
     * @param integer $last_seen last join
     * @return self
     */
    public function setLast_seen($last_seen)
    {
        $this->last_seen = $last_seen;

        return $this;
    }
}