复习笔记

<?php
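// Open the current directory. opendir() returns false when the path cannot be
// opened, and readdir() must never be called with that value.
$dh=opendir("./");
var_dump($dh);
$list=array();
if($dh!==false){
    // readdir() hands back one entry name per call and false once the handle is exhausted
    while(($item=readdir($dh))!==false){
        $list[]=$item;
    }
}
foreach ($list as $value) {
    // Entry names come from the filesystem, not from this script, so they are
    // escaped before being written into the HTML response.
    echo htmlspecialchars($value,ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8'),'<br/>';
}
if($dh!==false){
    // The handle has been read to the end, so this dumps bool(false)
    var_dump(readdir($dh));
    // Release the directory handle instead of leaving it open until script end
    closedir($dh);
}

$age=12;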
/**
 * Small demonstration class: constructor, destructor and static methods.
 */
class Human
{
    /** @var mixed Value handed to the constructor. */
    public $name;

    /** @var int Property default; a separate variable from any global $age. */
    public $age = 19;

    /**
     * Remember the given name on the new object.
     *
     * @param mixed $name value stored in $this->name
     */
    public function __construct($name)
    {
        $this->name = $name;
    }

    /**
     * Static method; prints the class's own marker text followed by a line break.
     */
    public static function eat()
    {
        echo '吃饭' . '<br/>';
    }

    /**
     * Static method that makes an unqualified eat() call.
     */
    public static function ha()
    {
        // Without self:: or a class name, PHP resolves eat() to the global
        // function of that name, not to Human::eat().
        eat();
    }

    /**
     * Runs automatically when the object is destroyed and prints a marker text.
     */
    public function __destruct()
    {
        echo '对象销毁时自动调用';
    }
}
/**
 * Global function eat(); prints its own marker text followed by a line break.
 * It shares only its name with the static method Human::eat().
 */
function eat()
{
    echo "还吃" . '<br/>';
}
// Plain call: runs the global function eat()
eat();
// Static call through the class name: runs Human::eat()
Human::eat();
// Human::ha() contains an unqualified eat() call, which resolves to the global function
Human::ha();

// Create an instance; the constructor stores the argument in $name
$lisi = new Human('lisi');

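//Thin wrapper class around the legacy ext/mysql functions.
//NOTE(review): the mysql_* API was deprecated in PHP 5.5 and removed in PHP 7.0,
//and it offers no prepared statements. Every method below sends $sql verbatim,
//so callers must validate or escape request data before building the string;
//new code should use PDO or mysqli with bound parameters instead.
class MysqlFun{
    private $host;
    private $user;
    //NOTE(review): kept for the lifetime of the object although nothing in this
    //class reads it again after the constructor has connected
    private $password;
    //Value returned by mysql_connect(): a connection resource, or false on failure
    private $conn;
    /**
     * Store the connection settings and open the connection.
     *
     * @param string $host     server to connect to
     * @param string $user     account name
     * @param string $password account password
     */
    public function __construct($host,$user,$password){
        $this->host=$host;
        $this->user=$user;
        $this->password=$password;
        //Connect with the caller's values; credentials must not be literals inside the class
        $this->conn=mysql_connect($this->host,$this->user,$this->password);
    }
    /**
     * @return resource|false the connection opened by the constructor
     */
    public function getConn(){
        return $this->conn;
    }
    //Send a statement to the database; returns whatever mysql_query() returns
    public function query($sql){
        return mysql_query($sql,$this->conn);
    }
    //Fetch all rows: returns a two-dimensional array, one associative array per row.
    //Returns an empty array when the query did not produce a result set.
    public function getAll($sql){
        $rs=mysql_query($sql,$this->conn);
        $arr=array();
        //Only enter the fetch loop with a real result resource; a failed query
        //gives the loop nothing that could end it cleanly
        if(!is_resource($rs)){
            return $arr;
        }
        while(($row=mysql_fetch_assoc($rs))!==false){
            $arr[]=$row;
        }
        return $arr;
    }
    //Fetch one row as an associative array; false when the query fails or has no rows
    public function getRow($sql){
        $rs=mysql_query($sql,$this->conn);
        if(!is_resource($rs)){
            return false;
        }
        return mysql_fetch_assoc($rs);
    }
    //Fetch the first column of the first row; null when the query fails or has no rows
    public function getOne($sql){
        //$sql and the connection are two separate arguments (comma, not string concatenation)
        $rs=mysql_query($sql,$this->conn);
        if(!is_resource($rs)){
            return null;
        }
        $arr=mysql_fetch_row($rs);
        return is_array($arr)?$arr[0]:null;
    }
    //Close the connection if one is open; calling this twice is harmless
    public function close(){
        if(is_resource($this->conn)){
            mysql_close($this->conn);
        }
    }
}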

//NOTE(review): this connects as root with a password literal committed in the source.
//Credentials belong in configuration kept outside the code, and the account
//should have only the privileges this script needs.
$wode = new MysqlFun('localhost', 'root', '111111');
//NOTE(review): the PHP manual prefers mysql_set_charset() over a "set names"
//query, because the client-side escaping functions are not told about the change.
$wode->query('set names utf8');
$wode->query('use test1');
$sql = 'select * from stu';
$array = $wode->getAll($sql);
print_r($array);

// Inheritance with extends
/*
 * A parent's private members can be thought of as not inherited: the child
 * receives them but cannot access them.
 * Protected members are accessible inside the child class after inheriting,
 * but not from outside the class.
 */
class animal
{
    /**
     * Public method; prints a marker text.
     */
    public function eat()
    {
        print 'animal会吃';
    }

    /**
     * Protected method; callable from this class and its subclasses only.
     */
    protected function getmoney()
    {
        print '我有好多钱';
    }
}
/**
 * Subclass of animal; constructing an instance calls the inherited eat().
 */
class people extends animal
{
    public function __construct()
    {
        // Invoke the parent's implementation of eat() on this object
        parent::eat();
    }

    /**
     * Static method; prints a marker text.
     */
    public static function run()
    {
        print '跑啊跑';
    }
}
// The constructor runs parent::eat() as part of instantiation
$zhangsan = new people();
// A static method can also be called through an object instance
$zhangsan->run();
/**
 * Subclass of people. Its constructor replaces the inherited one and does not
 * call it, so only getmoney() runs on construction.
 */
class hum extends people
{
    public function __construct()
    {
        // getmoney() is protected in animal, so it is reachable from inside this subclass
        $this->getmoney();
    }
}
// Constructing hum triggers the protected getmoney() call from inside the class
$hu = new hum();
print '<br/>';

?>

有些数据没有经过严格的验证,就被直接拼接到 SQL 语句中去查询,从而导致 SQL 注入漏洞,比如:

// Vulnerable example: $_GET['id'] is request data and is interpolated into the SQL text unchanged
$id  = $_GET['id'];
$sql = "SELECT name FROM users WHERE id = $id";

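 因为没有对 $_GET['id'] 做数据类型验证,注入者可以提交任何类型的数据,比如 " and 1= 1 or " 等不安全的数据,这些内容会被原样拼进 SQL 语句并改变查询的含义。如果按照下面的方式写,就安全一些:intval() 会把输入强制转换成整数,非数字的部分不会进入 SQL。但这种做法只适用于整数参数;对字符串等其他类型的输入,应使用预处理语句(参数化查询),而不是拼接 SQL。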

// intval() converts the request value to an integer before it is interpolated,
// so $id can no longer carry SQL syntax; this only fits integer parameters
$id  = intval($_GET['id']);
$sql = "SELECT name FROM users WHERE id = $id";

 复习笔记:

原文地址:https://www.cnblogs.com/lzzhuany/p/4755742.html