通过扩展 PDO 类解决了这个问题:
class CustomDBConnection {
private static $conn;
// either create a new connection or return an existing one
public static function getInstance() {
if (self::$conn == null) {
global $db_hostname, $db_database, $db_username, $db_password; // probably better to store these within this class but this was quicker
self::$conn = new CustomPDO("mysql:host=$db_hostname;dbname=$db_database;charset=utf8", $db_username, $db_password, array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
}
return self::$conn;
}
}
class CustomPDO extends PDO {
public function __construct($dsn, $username = null, $password = null, $driver_options = array()) {
parent::__construct($dsn, $username, $password, $driver_options);
// Attach customised PDOStatement class
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('CustomPDOStatement', array($this)));
}
}
class CustomPDOStatement extends PDOStatement {
private $conn;
protected function __construct($conn) {
$this->conn = $conn; // this is most likely useless at this moment
}
public function bindParam($parameter, &$variable, $data_type = PDO::PARAM_STR, $length = null, $driver_options = null) {
$variable = InputProtection::detachEvilHTML($variable);
parent::bindParam($parameter, $variable, $data_type, $length, $driver_options);
}
public function bindValue($parameter, $value, $data_type = PDO::PARAM_STR) {
$value = InputProtection::detachEvilHTML($value);
parent::bindValue($parameter, $value, $data_type);
}
}
所以我现在基本上使用$db = CustomDBConnection::getInstance(); 而不是$db = new PDO(.......);