实现环境:
PHP 5.4.24
MySQL 5.6.19
OS X 10.9.4/Apache 2.2.26
一、代码
CREATE TABLE `session` (`skey` char(32) CHARACTER SET ascii NOT NULL,`data` text COLLATE utf8mb4_bin,`expire` int(11) NOT NULL,PRIMARY KEY (`skey`),KEY `index_session_expire` (`expire`) USING BTREE) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
TRUE,PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,PDO::ATTR_EMULATE_PREPARES => FALSE));return $conn;} catch (Exception $ex) {}}//自定义的session的open函数function sessionMysqlOpen($savePath, $sessionName) {return TRUE;}//自定义的session的close函数function sessionMysqlClose() {return TRUE;}/** 由于一般不会把用户提交的数据直接保存到session,所以普通情况不存在注入问题。* 且处理session数据的SQL语句也不会多次使用。因此预处理功能的效益无法体现。* 所以,实际工程中可以不必教条的使用预处理功能。*//** sessionMysqlRead()函数中,首先通过SELECT count(*)来判断sessionID是否存在。* 由于MySQL数据库提供SELECT对PDOStatement::rowCount()的支持,* 因此,实际的工程中可以直接使用rowCount()进行判断。*///自定义的session的read函数//SQL语句中增加了“expire > time()”判断,用以避免读取过期的session。function sessionMysqlRead($sessionId) {try {$dbh = getConnection();$time = time();$sql = 'SELECT count(*) AS `count` FROM session '. 'WHERE skey = ? and expire > ?';$stmt = $dbh->prepare($sql);$stmt->execute(array($sessionId, $time));$data = $stmt->fetch(PDO::FETCH_ASSOC)['count'];if ($data = 0) {return '';}$sql = 'SELECT `data` FROM `session` '. 'WHERE `skey` = ? and `expire` > ?';$stmt = $dbh->prepare($sql);$stmt->execute(array($sessionId, $time));$data = $stmt->fetch(PDO::FETCH_ASSOC)['data'];return $data;} catch (Exception $e) {return '';}}//自定义的session的write函数//expire字段存储的数据为当前时间+session生命期,当这个值小于time()时表明session失效。function sessionMysqlWrite($sessionId, $data) {try {$dbh = getConnection();$expire = time() + SESSION_MAXLIFETIME;$sql = 'INSERT INTO `session` (`skey`, `data`, `expire`) '. 'values (?, ?, ?) '. 'ON DUPLICATE KEY UPDATE data = ?, expire = ?';$stmt = $dbh->prepare($sql);$stmt->execute(array($sessionId, $data, $expire, $data, $expire));} catch (Exception $e) {echo $e->getMessage();}}//自定义的session的destroy函数function sessionMysqlDestroy($sessionId) {try {$dbh = getConnection();$sql = 'DELETE FROM `session` where skey = ?';$stmt = $dbh->prepare($sql);$stmt->execute(array($sessionId));return TRU<strong>)本文来(源gaodai#ma#com搞@@代~&码*网2</strong><pre>搞代gaodaima码
E;} catch (Exception $e) {return FALSE;}}//自定义的session的gc函数function sessionMysqlGc($lifetime) {try {$dbh = getConnection();$sql = ‘DELETE FROM `session` WHERE expire prepare($sql);$stmt->execute(array(time()));$dbh = NULL;return TRUE;} catch (Exception $e) {return FALSE;}}//自定义的session的session id设置函数/** 由于在session_start()之前,SID和session_id()均无效,* 故使用$_GET[session_name()]和$_COOKIE[session_name()]进行检测。* 如果此两者均为空,则表明session尚未建立,需要为新session设置session id。* 通过MySQL数据库获取uuid作为session id可以更好的避免session id碰撞。*/function sessionMysqlId() {if (filter_input(INPUT_GET, session_name()) == ” andfilter_input(INPUT_COOKIE, session_name()) == ”) {try {$dbh = getConnection();$stmt = $dbh->query(‘SELECT uuid() AS uuid’);$data = $stmt->fetch(PDO::FETCH_ASSOC)[‘uuid’];$data = str_replace(‘-‘, ”, $data);session_id($data);return TRUE;} catch (Exception $ex) {return FALSE;}}}//session启动函数,包括了session_start()及其之前的所有步骤。function startSession() {session_set_save_handler(‘sessionMysqlOpen’,’sessionMysqlClose’,’sessionMysqlRead’,’sessionMysqlWrite’,’sessionMysqlDestroy’,’sessionMysqlGc’);register_shutdown_function(‘session_write_close’);sessionMysqlId();session_start();}
转载请注明原文链接:PHP利用MySQL保存session的实现思路及示例代码_PHP
