I created this class to connect to my database, and I read somewhere that providing different users for the connection is the most secure. So I give the user four different options, for Update, Select, Delete and Insert. I'm not sure whether it's necessary to create a user for each one. I basically want to know what I can do to improve this class. I know these questions come up here a lot, but everyone's class seems to be different, so I figured I'd ask.
Here is a pastebin of the code.. it's long, otherwise I would just post it here. If the pastebin is a problem, I'll add the code anyway.
(Edited by ninetwozero: inlined the code)
<?php
class DB_Connection {
    //Subject to change
    protected $_DATABASE = '#';
    protected $_HOST = '#';
    protected $_SELECT = array( 'connection' => null,
                                'user' => '#',
                                'pass' => '#',
                                'alive' => FALSE,
                                'thread' => '' );
    protected $_INSERT = array( 'connection' => null,
                                'user' => '#',
                                'pass' => '#',
                                'alive' => FALSE,
                                'thread' => '' );
    protected $_DELETE = array( 'connection' => null,
                                'user' => '#',
                                'pass' => '#',
                                'alive' => FALSE,
                                'thread' => '' );
    protected $_UPDATE = array( 'connection' => null,
                                'user' => '#',
                                'pass' => '#',
                                'alive' => FALSE,
                                'thread' => '' );
    /**
     * Take an input and create that connection and connect to the database
     * using the appropriate logins
     * @param $type - Type of connection; SELECT, UPDATE, DELETE, INSERT
     */
    public function __construct( $type ) {
        switch($type) {
            case "SELECT":
                // Create the connection
                $this->_SELECT['connection'] = new mysqli($this->_HOST,
                                                          $this->_SELECT['user'],
                                                          $this->_SELECT['pass'],
                                                          $this->_DATABASE );
                // Verify that the connection was successful before using it
                if($this->_SELECT['connection']->connect_error) {
                    die('Connection error: ' . $this->_SELECT['connection']->connect_errno . ' ' .
                        $this->_SELECT['connection']->connect_error );
                    //TODO Create better error handling
                } else {
                    echo "connection worked somehow.<br />";
                }
                // State that the connection is alive
                $this->_SELECT['alive'] = TRUE;
                // Put in the thread ID that is created when the connection is established
                $this->_SELECT['thread'] = $this->_SELECT['connection']->thread_id;
                break; // without break, execution falls through into the next case
            case "INSERT":
                // Create the connection
                $this->_INSERT['connection'] = new mysqli($this->_HOST,
                                                          $this->_INSERT['user'],
                                                          $this->_INSERT['pass'],
                                                          $this->_DATABASE );
                // Verify that the connection was successful before using it
                if($this->_INSERT['connection']->connect_error) {
                    die('Connection error: ' . $this->_INSERT['connection']->connect_errno . ' ' .
                        $this->_INSERT['connection']->connect_error );
                    //TODO Create better error handling
                } else {
                    echo "connection worked somehow.<br />";
                }
                // State that the connection is alive
                $this->_INSERT['alive'] = TRUE;
                // Put in the thread ID that is created when the connection is established
                $this->_INSERT['thread'] = $this->_INSERT['connection']->thread_id;
                break;
            case "DELETE":
                // Create the connection
                $this->_DELETE['connection'] = new mysqli($this->_HOST,
                                                          $this->_DELETE['user'],
                                                          $this->_DELETE['pass'],
                                                          $this->_DATABASE );
                // Verify that the connection was successful before using it
                if($this->_DELETE['connection']->connect_error) {
                    die('Connection error: ' . $this->_DELETE['connection']->connect_errno . ' ' .
                        $this->_DELETE['connection']->connect_error );
                    //TODO Create better error handling
                } else {
                    echo "connection worked somehow.<br />";
                }
                // State that the connection is alive
                $this->_DELETE['alive'] = TRUE;
                // Put in the thread ID that is created when the connection is established
                $this->_DELETE['thread'] = $this->_DELETE['connection']->thread_id;
                break;
            case "UPDATE":
                // Create the connection
                $this->_UPDATE['connection'] = new mysqli($this->_HOST,
                                                          $this->_UPDATE['user'],
                                                          $this->_UPDATE['pass'],
                                                          $this->_DATABASE );
                // Verify that the connection was successful before using it
                if($this->_UPDATE['connection']->connect_error) {
                    die('Connection error: ' . $this->_UPDATE['connection']->connect_errno . ' ' .
                        $this->_UPDATE['connection']->connect_error );
                    //TODO Create better error handling
                } else {
                    echo "connection worked somehow.<br />";
                }
                // State that the connection is alive
                $this->_UPDATE['alive'] = TRUE;
                // Put in the thread ID that is created when the connection is established
                $this->_UPDATE['thread'] = $this->_UPDATE['connection']->thread_id;
                break;
            default:
                // An unknown type used to be silently ignored, leaving every connection null
                die('Unknown connection type: ' . $type);
        }// END CASE
    }// END _construct
    public function get_Select_Con() {
        return $this->_SELECT['connection'];
    }
    public function get_Insert_Con() {
        return $this->_INSERT['connection'];
    }
    public function get_Delete_Con() {
        return $this->_DELETE['connection'];
    }
    public function get_Update_Con() {
        return $this->_UPDATE['connection'];
    }
    /**
     * Kill the threads and close the connection
     */
    public function __destruct() {
        if ($this->_SELECT['alive'] == TRUE) {
            $this->_SELECT['connection']->kill($this->_SELECT['thread']);
            $this->_SELECT['connection']->close();
            echo " thread killed and connection closed";
        }
        if ($this->_INSERT['alive'] == TRUE) {
            $this->_INSERT['connection']->kill($this->_INSERT['thread']);
            $this->_INSERT['connection']->close();
            echo " thread killed and connection closed";
        }
        if ($this->_DELETE['alive'] == TRUE) {
            $this->_DELETE['connection']->kill($this->_DELETE['thread']);
            $this->_DELETE['connection']->close();
            echo " thread killed and connection closed";
        }
        if ($this->_UPDATE['alive'] == TRUE) {
            $this->_UPDATE['connection']->kill($this->_UPDATE['thread']);
            $this->_UPDATE['connection']->close();
            echo " thread killed and connection closed";
        }
    }// END _destruct
}
?>
Answer 0 (score: 1)
You may not be understanding things correctly. Most of the time, database access should take place inside a transaction, which guarantees ACIDity. Within the same transaction you will have selects, inserts, updates and deletes. Having 4 different users (and therefore 4 separate connections, and therefore 4 separate transactions) for each kind of operation is simply a very bad idea.
Answer 1 (score: 0)
Restricting what a given user can do should not be delegated to the code; it should be managed by the database server itself through its privilege management. Even with a very (too??) coarse-grained privilege scheme, it would quickly become very messy, as your code demonstrates. Now imagine you had to manage those privileges on a per-table basis...
As others have already said, I would stick with an existing database connection solution and learn how to use the database's privilege system to its full potential, e.g. having an application that only displays data run as a user with read privileges, and so on.
Answer 2 (score: 0)
If you are going to create different database users, then those users should correspond to the different kinds (and levels) of users using your application, not to each database privilege, because a single user may want to do all of the above at some point... but only on certain tables. So you could create different users for guests, authenticated users, administrators, etc. For example, a guest would not be able to UPDATE (or even SELECT?) the user_profiles table.
As mentioned in my comment... you shouldn't store your database connection parameters inside the class itself. Those should be read in from a secure location (possibly above the web root), so that if PHP is compromised, your database isn't as well.
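The following is an added example (written for this page, not code from the asker or any of the answerers) that puts the three answers together: one connection per application role instead of per SQL verb (answer 2), the privilege boundary enforced by MySQL GRANTs rather than by PHP (answer 1), credentials read from an ini file outside the web root (answer 2), and a unit of work whose SELECT and INSERT run inside a single transaction on one connection (answer 0). The config path /etc/myapp/db.ini, the role names, the schema `shop` with tables `products` and `orders`, and the GRANT statements in the comments are all assumptions; PHP 8 and the mysqli extension are assumed.

```php
<?php
// Added example, not from the question or the answers.
// Assumed file layout of /etc/myapp/db.ini (outside the web root, readable
// only by the PHP worker user):
//   [common]
//   host = 127.0.0.1
//   database = shop
//   [guest]
//   user = app_guest
//   pass = <placeholder>
//   [member]
//   user = app_member
//   pass = <placeholder>
//
// The privilege decision lives in the database, not in PHP. Assumed GRANTs a
// DBA runs once (hostnames and passwords are placeholders):
//   CREATE USER 'app_guest'@'localhost'  IDENTIFIED BY '<placeholder>';
//   GRANT SELECT ON shop.products TO 'app_guest'@'localhost';
//   CREATE USER 'app_member'@'localhost' IDENTIFIED BY '<placeholder>';
//   GRANT SELECT ON shop.products TO 'app_member'@'localhost';
//   GRANT SELECT, INSERT, UPDATE ON shop.orders TO 'app_member'@'localhost';
//   -- app_member deliberately gets no DELETE and no access to user_profiles.
declare(strict_types=1);

final class RoleConnectionFactory
{
    private const ROLES = ['guest', 'member', 'admin'];

    /** @var array<string, mysqli> one cached connection per role */
    private array $connections = [];

    /** @var array<string, array<string, mixed>> parsed ini sections */
    private array $config;

    public function __construct(string $configPath)
    {
        $config = parse_ini_file($configPath, true, INI_SCANNER_TYPED);
        if ($config === false) {
            throw new RuntimeException("Cannot read DB config at $configPath");
        }
        $this->config = $config;
        // Make mysqli throw mysqli_sql_exception instead of returning false,
        // so callers never need die() or manual connect_error checks.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    }

    /** Return the (cached) connection for an application role. */
    public function forRole(string $role): mysqli
    {
        if (!in_array($role, self::ROLES, true) || !isset($this->config[$role])) {
            throw new InvalidArgumentException("Unknown or unconfigured role: $role");
        }
        if (!isset($this->connections[$role])) {
            $common = $this->config['common'];
            $creds  = $this->config[$role];
            $db = new mysqli($common['host'], $creds['user'], $creds['pass'], $common['database']);
            $db->set_charset('utf8mb4');
            $this->connections[$role] = $db;
        }
        return $this->connections[$role];
    }

    /**
     * Run $work inside one transaction on the role's connection: commit on
     * success, roll back on any exception, then rethrow. This is answer 0's
     * point: the reads and writes of one unit of work share a connection.
     * @param callable(mysqli): mixed $work
     */
    public function transactional(string $role, callable $work): mixed
    {
        $db = $this->forRole($role);
        $db->begin_transaction();
        try {
            $result = $work($db);
            $db->commit();
            return $result;
        } catch (Throwable $e) {
            $db->rollback();
            throw $e;
        }
    }

    public function __destruct()
    {
        foreach ($this->connections as $db) {
            $db->close(); // close() alone is enough; killing our own thread first is unnecessary
        }
    }
}

// Usage: a member places an order. The SELECT and the INSERT are one
// transaction on the 'member' connection; the GRANTs decide what it may touch.
$factory = new RoleConnectionFactory('/etc/myapp/db.ini');
$orderId = $factory->transactional('member', function (mysqli $db): int {
    $productId = 42; // constructed sample input
    $sel = $db->prepare('SELECT price FROM products WHERE id = ? FOR UPDATE');
    $sel->bind_param('i', $productId);
    $sel->execute();
    $row = $sel->get_result()->fetch_assoc();
    if ($row === null) {
        throw new RuntimeException("No product with id $productId");
    }
    $ins = $db->prepare('INSERT INTO orders (product_id, price) VALUES (?, ?)');
    $ins->bind_param('id', $productId, $row['price']);
    $ins->execute();
    return (int) $db->insert_id;
});
```

A few design notes: the role name is validated against a fixed list before it is used as an ini section key, so request input can never select an arbitrary section; the ini file holds the only copy of the passwords, so the class can live in version control; and if the web tier is compromised, the attacker still holds only the `member` account, whose GRANTs cannot delete orders or read `user_profiles`. Replacing `kill()` with a plain `close()` in the destructor also avoids the "server has gone away" error that the original destructor would hit after killing its own thread.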