Created
June 6, 2013 06:18
正确地使用PHP
<?php | |
/* | |
保存密码 | |
http://www.openwall.com/phpass/ | |
*/ | |
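// Load the phpass library (http://www.openwall.com/phpass/).
// On PHP 5.5 and later the built-in password_hash() / password_verify() functions
// do the same job without a bundled library; prefer them in new code.
require_once('phpass-0.3/PasswordHash.php');

// Create the hasher. The first argument is the cost setting (phpass reads it as the
// base-2 logarithm of the iteration count); the second turns off "portable" hashes,
// which is the more secure choice. A cost of 8 is on the low side for current
// hardware: raise it as far as your login latency budget allows.
$hasher = new PasswordHash(8, false);

// Compute the password hash. When the bcrypt back end is available, $hashedPassword
// is a 60-character string.
$hashedPassword = $hasher->HashPassword('my super cool password');

// phpass reports failure by returning a short string instead of throwing, so a
// result shorter than 20 characters must never be stored as a password hash.
if (strlen($hashedPassword) < 20) {
    throw new \RuntimeException('Failed to hash new password');
}

// $hashedPassword can now be stored in the database. Store only the hash, never the
// plain-text password.

// To check a login, pass the submitted password and the stored hash to
// CheckPassword(). Always act on the return value: a discarded result means no
// check was actually enforced.
$wrongPasswordAccepted = $hasher->CheckPassword('the wrong password', $hashedPassword); // false
$rightPasswordAccepted = $hasher->CheckPassword('my super cool password', $hashedPassword); // true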
/* | |
数据库连接 | |
PDO | |
*/ | |
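try {
    // Create a new connection.
    // You'll probably want to replace hostname with localhost in the first parameter.
    // The host, user and password below are placeholders: load real credentials from
    // configuration kept outside the web root and outside version control.
    // The PDO options we pass do the following:
    // \PDO::ATTR_ERRMODE enables exceptions for errors. This is optional but can be handy.
    // \PDO::ATTR_PERSISTENT disables persistent connections, which can cause concurrency issues in certain cases. See "Gotchas".
    // \PDO::MYSQL_ATTR_INIT_COMMAND alerts the connection that we'll be passing UTF-8 data. This may not be required depending on your configuration, but it'll save you headaches down the road if you're trying to store Unicode strings in your database. See "Gotchas".
    $link = new \PDO(
        'mysql:host=your-hostname;dbname=your-db',
        'your-username',
        'your-password',
        array(
            \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
            \PDO::ATTR_PERSISTENT => false,
            \PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8mb4'
        )
    );

    // Every value reaches the query through a placeholder; never build the SQL
    // string by concatenating request data into it.
    $handle = $link->prepare('select Username from Users where UserId = ? or Username = ? limit ?');

    // PHP bug: if you don't specify PDO::PARAM_INT, PDO may enclose the argument in quotes. This can mess up some MySQL queries that don't expect integers to be quoted.
    // See: https://bugs.php.net/bug.php?id=44639
    // If you're not sure whether the value you're passing is an integer, use the is_int() function.
    // The quoting happens while PDO emulates prepared statements (the MySQL driver's
    // default); setting \PDO::ATTR_EMULATE_PREPARES to false makes the server
    // prepare the statement instead.
    $handle->bindValue(1, 100, \PDO::PARAM_INT);
    $handle->bindValue(2, 'Bilbo Baggins');
    $handle->bindValue(3, 5, \PDO::PARAM_INT);
    $handle->execute();

    // Using the fetchAll() method might be too resource-heavy if you're selecting a truly massive amount of rows.
    // If that's the case, you can use the fetch() method and loop through each result row one by one.
    // You can also return arrays and other things instead of objects. See the PDO documentation for details.
    $result = $handle->fetchAll(\PDO::FETCH_OBJ);
    foreach ($result as $row) {
        // When this output goes into an HTML page, escape it for that context first,
        // e.g. htmlspecialchars($row->Username, ENT_QUOTES, 'UTF-8').
        print($row->Username);
    }
} catch (\PDOException $ex) {
    // The driver's message can reveal host names, schema details or query text, so
    // it goes to the server log and the page only shows a generic notice.
    error_log($ex->getMessage());
    print('Database error.');
}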
/* | |
自动载入类 | |
*/ | |
// 首先,定义你的自动载入的函数 | |
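/**
 * Autoloader callback: includes "<ClassName>.php" for the requested class.
 *
 * The class name becomes part of a file path, so it is validated before use.
 * Class names can reach an autoloader from data the application does not
 * control, and an unchecked name would let that data decide which file is
 * included.
 *
 * @param string $className Class name handed over by spl_autoload_register().
 * @return void
 */
function MyAutoload($className){
    // Accept only PHP identifiers, optionally joined by namespace backslashes.
    // Anything containing "/", "..", ":", a NUL byte or an absolute path fails
    // the match and is ignored, leaving the lookup to any other autoloader.
    $label = '[A-Za-z_\x7f-\xff][A-Za-z0-9_\x7f-\xff]*';
    if (!is_string($className) || !preg_match('/^' . $label . '(?:\\\\' . $label . ')*$/D', $className)) {
        return;
    }

    include_once($className . '.php');
}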
// Register the function with SPL so PHP calls it whenever an unknown class is used.
spl_autoload_register('MyAutoload');

// Try it out.
// No file defining MyClass has been included, so the autoloader steps in and
// includes MyClass.php. This example assumes MyClass.php defines the MyClass class.
$var = new MyClass;
/* | |
缓存PHP操作码(字节码) | |
使用APC. | |
sudo apt-get install php-apc | |
*/ |