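validatePost()) {
            $result['code'] = '102';
            $result['info'] = '参数非法';
            echo json_encode($result);
            exit();
        }
        // For now the user id is taken from the cookie first.
        // NOTE(review): unserialize() on a client-controlled cookie lets the
        // client choose the object graph that is built; a signed token or
        // json_decode() is the safer carrier for the id. Left as-is because the
        // enclosing constructor starts outside this view.
        if (isset($_COOKIE['xm_data'])) {
            $xm_data = $_COOKIE['xm_data'];
            $data = unserialize($xm_data);
            $this->user_id = $data['id'];
        } else {
            // Not logged in -> redirect to the login page.
            if (!isset($_SESSION)) {
                session_start();
            }
            if (!isset($_SESSION['user_id'])) {
                header("Location:http://". CS_DOMAIN. "/");
                // NOTE(review): there is no exit() after the redirect header,
                // so the request continues and reads an unset session key.
            }
            $this->user_id = $_SESSION['user_id'];
        }
    }

    /**
     * Run a SELECT-style statement and return every row.
     *
     * $sql is executed verbatim. Callers must not assemble it from request
     * data; any user-supplied value belongs in a prepared statement.
     *
     * @param string $sql
     * @return array<int, array<string, mixed>> rows as assoc arrays; empty on failure
     */
    public function query($sql)
    {
        $rowset = array();
        $pdo = null;
        try {
            $dbConn = new DBConfig();
            $pdo = $dbConn->conn_waice();
            $pdo->beginTransaction();
            $result = $pdo->query($sql);
            if ($result) {
                $rowset = $result->fetchAll(PDO::FETCH_ASSOC);
                $result->closeCursor();
                $pdo->commit();
            } else {
                // Nothing was read; release the transaction instead of leaving it open.
                $pdo->rollBack();
            }
        } catch (PDOException $ex) {
            // $pdo is still null when the connection itself failed, and
            // rollBack() without an open transaction would throw a second time.
            if ($pdo !== null && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
        }
        return $rowset;
    }

    /**
     * Execute a data-changing statement inside a transaction.
     *
     * @param string $sql
     * @return bool true when the statement was executed and committed
     */
    public function edit($sql)
    {
        $pdo = null;
        try {
            $dbConn = new DBConfig();
            $pdo = $dbConn->conn_waice();
            $pdo->beginTransaction();
            $pdo->exec($sql);
            $pdo->commit();
            return true;
        } catch (PDOException $ex) {
            // Connection setup is inside the try as well now, so a failed
            // connect reports false instead of escaping as an exception.
            if ($pdo !== null && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
            return false;
        }
    }

    /**
     * Call a stored procedure and collect all of its result sets.
     *
     * Convention of the procedures called here: the first result set may hold a
     * single status row with 'errcode' / 'errinfo'. A non-zero errcode is
     * returned as the error; otherwise the remaining result sets go back under
     * 'data'. Without a status row every result set is returned under 'data'.
     *
     * @param string $sql
     * @return array|null null when the statement could not be issued
     */
    public function procQuery($sql)
    {
        $dbConn = new DBConfig();
        $pdo = $dbConn->conn_waice();
        $result = $pdo->query($sql);
        if ($result === false) {
            // Previously fell through to fetchAll() on false and crashed.
            return null;
        }

        // One entry per result set, in the order the procedure produced them.
        $rowsets = array();
        do {
            $rowsets[] = $result->fetchAll(PDO::FETCH_ASSOC);
        } while ($result->nextRowset());
        $result->closeCursor();

        if (!isset($rowsets[0][0]['errcode'])) {
            return array(
                'code' => 0,
                'info' => '执行成功',
                'data' => $rowsets,
            );
        }

        $status = $rowsets[0][0];
        // Loose comparison on purpose: the driver may hand errcode back as a string.
        if ($status['errcode'] != 0) {
            return array(
                'code' => $status['errcode'],
                'info' => isset($status['errinfo']) ? $status['errinfo'] : null,
            );
        }

        // Drop the status result set; only the payload sets are returned.
        return array(
            'code' => 0,
            'info' => '执行成功',
            'data' => array_slice($rowsets, 1),
        );
    }

    /**
     * Execute an UPDATE/DELETE-style statement inside a transaction.
     *
     * @param string $sql
     * @return int|false|null affected rows; false from PDO::exec() on a silent
     *                        failure; null when the transaction was rolled back
     */
    public function exec($sql)
    {
        $result = null;
        $pdo = null;
        try {
            $dbConn = new DBConfig();
            $pdo = $dbConn->conn_waice();
            $pdo->beginTransaction();
            $result = $pdo->exec($sql);
            $pdo->commit();
        } catch (PDOException $ex) {
            if ($pdo !== null && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
            // Nothing was committed, so no row count is reported.
            $result = null;
        }
        return $result;
    }

    /**
     * Execute an INSERT and return the id of the new row.
     *
     * @param string $sql
     * @return string|int|false|null lastInsertId() when the insert affected a
     *                               row; otherwise the PDO::exec() result
     *                               (0 or false); null on rollback
     */
    public function insert($sql)
    {
        $result = null;
        $id = null;
        $pdo = null;
        try {
            $dbConn = new DBConfig();
            $pdo = $dbConn->conn_waice();
            $pdo->beginTransaction();
            $result = $pdo->exec($sql);
            $id = $pdo->lastInsertId();
            $pdo->commit();
        } catch (PDOException $ex) {
            if ($pdo !== null && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
            return null;
        }
        // Hand back the new id rather than the affected-row count once a row was inserted.
        return $result ? $id : $result;
    }

    /**
     * Bus suppliers (purchase side) that are active and not disabled.
     *
     * @return array<int, array<string, mixed>> rows with supplier_id / supplier_name
     */
    public function getSupply()
    {
        $sql = "SELECT a.supplier_id, b.supplier_name FROM base_supplier_purchase AS a INNER JOIN base_supplier AS b ON a.supplier_id = b.id WHERE a.product_type = 310 AND a.cancel_flag = 0 AND b.cancel_flag = 0 AND b.is_disabled = 0 GROUP BY a.supplier_id";
        return $this->query($sql);
    }

    /**
     * Bus channel partners (sale side) that are active and not disabled.
     *
     * @return array<int, array<string, mixed>> rows with supplier_id / supplier_name
     */
    public function getChannel()
    {
        $sql = "SELECT a.supplier_id, b.supplier_name FROM base_supplier_sale AS a INNER JOIN base_supplier AS b ON a.supplier_id = b.id WHERE a.parent_type = 310 AND a.cancel_flag = 0 AND b.cancel_flag = 0 AND b.is_disabled = 0 GROUP BY a.supplier_id";
        return $this->query($sql);
    }

    /**
     * Product lines (combined routes) from the dictionary table.
     *
     * @return array<int, array<string, mixed>> rows with id / type_name
     */
    public function productLine()
    {
        $sql = "select id,type_name from dict_type where PARENT_ID=323";
        return $this->query($sql);
    }

    /**
     * Time-period types used for the sales overview.
     *
     * @return array<int, array<string, mixed>> rows with id / type_name
     */
    public function getTimeType()
    {
        $time_sql = "SELECT id, type_name FROM dict_type WHERE parent_id = 320";
        return $this->query($time_sql);
    }

    /**
     * Bus types. Fixed list, not read from the database.
     *
     * @return array<int, array{id: string, name: string}>
     */
    public function getBusType()
    {
        return array(
            array('id' => '255', 'name' => '直通巴士'),
            array('id' => '256', 'name' => '穿梭巴士'),
        );
    }

    /**
     * Seat types from the dictionary table.
     *
     * @return array<int, array<string, mixed>> rows with id / type_name
     */
    public function getSeat()
    {
        $sql = "SELECT id, type_name FROM dict_type WHERE parent_id = 71";
        return $this->query($sql);
    }

    /**
     * Passenger (people) types from the dictionary table.
     *
     * @return array<int, array<string, mixed>> rows with id / type_name
     */
    public function getPeopleType()
    {
        $sql = "SELECT id, type_name FROM dict_type WHERE parent_id = 158";
        return $this->query($sql);
    }

    /**
     * Keyword check over every request parameter (POST, then REQUEST, then GET;
     * later sources override earlier keys of the same name).
     *
     * This is defence in depth only. A keyword blacklist cannot replace
     * parameterised queries in the callers of query()/exec()/insert().
     *
     * @return bool false when any parameter value fails validateString()
     */
    private function validatePost()
    {
        $post = array_merge(
            empty($_POST) ? array() : $_POST,
            empty($_REQUEST) ? array() : $_REQUEST,
            empty($_GET) ? array() : $_GET
        );
        if (empty($post)) {
            return true;
        }
        // Kept side effect: 'error' is removed from $_POST for later code.
        // It was already copied into $post, so it is still validated here.
        if (isset($_POST['error'])) {
            unset($_POST['error']);
        }
        foreach ($post as $value) {
            if (!$this->validateString($value)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Check one parameter value against the SQL keyword blacklist.
     *
     * Array values (a[]=...) are checked leaf by leaf; previously they were not
     * inspected at all. Non-string scalars are accepted unchanged.
     *
     * @param mixed $str
     * @return bool true when legal, false when a blacklisted keyword was found
     */
    private function validateString($str)
    {
        if (is_array($str)) {
            foreach ($str as $item) {
                if (!$this->validateString($item)) {
                    return false;
                }
            }
            return true;
        }
        if (!is_string($str)) {
            return true;
        }
        // SQL keywords are case-insensitive, so the match is too. A PCRE error
        // (preg_match() === false) is treated as a failed check rather than a pass.
        return preg_match('/select |insert |update |delete |union|into|load_file|outfile/i', $str) === 0;
    }
}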