ImageSQL.class.php
3.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?php
require_once dirname(__FILE__).'/../../db/DbMysqli.class.php';
class ImageSQL
{
private $mDBConn;
private $mTableName = '';
public function __construct()
{
$this->mDBConn = new DbMysqli(APP_DBHOST, APP_DBUSER, APP_DBPASS, APP_DBNAME, APP_DBPORT);
$this->mTableName = ' fileSys_files ';
}
/**
* 根据条件获取信息
*
* @param int $userID
* @param array $imageTypes
* @param string $fileMD5
* @param string $startTime
* @param string $endTime
* @return array
* (
* ID, filePath
* )
*/
public function getImageInfo($startPos, $length, $fileMD5='' ,$userID=0, $imageTypes = array(), $startTime='', $endTime='')
{
$sql = "SELECT id, filePath FROM ".$this->mTableName;
//查询条件
$sqlWhere = "WHERE ";
//查询条件组
$sqlWheres = array(
'userID'=>'','imageTypes'=>'',
'startTime'=>'','endTime'=>''
);
//如果文件的md5存在,查找
if(!empty($fileMD5))
{
$sql.="WHERE uniqueMd5=".$this->escape($fileMD5);
$result = $this->mDBConn->getOne($sql);
return array($result);
}
//根据userID
if(!empty($userID) && is_numeric($userID))
{
$sqlWheres['userID'] = "uploadUser=".$userID;
}
//开始时间
if(!empty($startTime))
{
$sqlWheres['startTime'] = " uploadTime>=".$this->escape($startTime);
}
//结束时间
if(!empty($endTime))
{
$sqlWheres['endTime'] = " uploadTime<=".$this->escape($endTime);
}
//临时总计
$tmpPos = 0;
//图片类型
if(count($imageTypes)&& !empty($imageTypes))
{
foreach($imageTypes as $imageType)
{
if(!empty($imageType))
{
$tmpPos++;
if($tmpPos==1)
{
$sqlWheres['imageTypes'] = "twoLevelName=".$this->escape($imageType);
}
else
{
$sqlWheres['imageTypes'].=" OR twoLevelName=".$this->escape($imageType);
}
}
}
}
//临时总计
$tmpPos = 0;
//查询条件组处理
foreach($sqlWheres as $where)
{
if(!empty($where))
{
$tmpPos++;
if($tmpPos==1)
{
$sqlWhere.=" (".$where.") ";
}
else
{
$sqlWhere.=" AND (".$where.") ";
}
}
}
//处理限制过滤
if($startPos<0)
{
$startPos = 0;
}
if($length>1000)
{
$length = 1000;
}
if(!empty($tmpPos))
{
$sql.= $sqlWhere;
}
$limit = "$startPos, $length";
$result = $this->mDBConn->getMore($sql, $limit);
return $result;
}
/**
* 针对SQL语句的变量进行反斜线过滤,并两边添加单引号
*
* @param mixed $var 过滤前变量
* @param boolean $strip 数据是否经过stripslashes处理
* @param boolean $is_array 变量是否为数组
* @return mixed 过滤后变量
*/
private function escape($var, $strip = true, $is_array=false)
{
if (is_array($var))
{
if (!$is_array) return " '' ";
foreach ($var as $key => $value)
{
$var[$key] = trim($this->escape($value,$strip));
}
return $var;
}
elseif (is_numeric($var))
{
return " '".$var."' ";
}
else
{
return " '".addslashes($strip ? stripslashes($var) : $var)."' ";
}
}
}
?>