PHP类,在另一个PHP文件中使用查询函数
我有两个类文件:一个名为class.database.php,它仅用于必须在数据库上执行的任何函数(连接、断开连接、查询等) 这是class.database.php:PHP类,在另一个PHP文件中使用查询函数,php,mysql,Php,Mysql,我有两个类文件:一个名为class.database.php,它仅用于必须在数据库上执行的任何函数(连接、断开连接、查询等) 这是class.database.php: <?php class DATABASE { public function __construct() { $this->getConnected(); } public function getConnected() { $dbHost = "lo
<?php
class DATABASE
{
public function __construct() {
$this->getConnected();
}
public function getConnected() {
$dbHost = "localhost";
$dbUser = "tysonmoyes";
$dbPassword = "F!lmtrepid";
$db = "tysonmoyes";
$dbConn = new mysqli($dbHost, $dbUser, $dbPassword, $db);
$this->dbConn = $dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->connection);
}
}
?>
<?php
include_once('config.php');
class USER
{
private $conn;
// All the variables needed for the user profile.
public $username;
public $userID;
public $password;
public $firstName;
public $lastName;
public $emailAddress;
public $address;
public $city;
public $province;
public $country;
var $myConn;
function __construct($conn){
$this->myConn = $conn;
}
function createNewUser($username, $password) {
// Clean inputs
$username = trim($username);
$password = trim($password);
// Encrypt password
$password = md5($password);
// Check if username already exists
$checkSQL = "SELECT * FROM users WHERE username = '$username'";
$checkResult = $this->myConn->queryDB($checkSQL);
if($checkResult->num_rows > 0) {
$error = "true";
$errorMessage = "This username has already been taken. Please try again";
}
else {
$insertSQL = "INSERT INTO users(username, password) VALUES('$username', '$password')";
//$insertResult = $this->callDB()->query($insertSQL);
// Get the user ID
$userID = $this->insert_id;
// Set the SESSION globals
$_SESSION['username'] = $username;
$_SESSION['userID'] = $userID;
}
}
function login($username, $password) {
$sql = "SELECT * FROM users WHERE username = '$username' && password = '$password'";
$result = $this->conn->query($sql);
$row = $this->conn->fetch_array($result, MYSQL_ASSOC);
$count = $this->conn->num_rows($result);
if ($count == 1) {
// Set Session Variables
$_SESSION['username'] = $username;
$_SESSION['userID'] = $row['userID'];
return true;
}
}
function isLoggedIn() {
if(isset($_SESSION['username'])) {
return true;
}
else {
return false;
}
}
function redirect($url) {
header("Location: $url");
}
function logout() {
session_destroy();
unset($_SESSION['username']);
}
}
?>
<?php
// Turn on all error reporting
ERROR_REPORTING(E_ALL);
ini_set('display_errors', 1);
// Start Session
session_start();
// Set error to false, and blank error message
$error = "false";
$errorMessage = "";
// Include Database info
require_once('class.database.php');
$link = new DATABASE();
// Include User info
require_once('class.user.php');
// Create instance for user class
$activeUser = new USER($link);
?>
编辑:出于这个原因,我们可以关注class.user.php中的createNewUser函数吗?这就是我目前正在扮演的角色 我想你忘记返回数据库连接链接了
class DATABASE
{
protected $dbConn; //connection link
protected static $dbHost = "localhost";
protected static $dbUser = "tysonmoyes";
protected static $dbPassword = "F!lmtrepid";
protected static $db = "tysonmoyes";
public function __construct() {
$this->getConnected();
}
public function getConnected() {
//if connection link allready exists return it;
if(isset($this->dbConn)) {
return $this->dbConn;
}
$this->dbConn = new mysqli(self::$dbHost, self::$dbUser, self::$dbPassword, self::$db);
return $this->dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->dbConn);
}
}
<?php
class DATABASE
{
public function __construct() {
$this->getConnected();
}
public function getConnected() {
$dbHost = "localhost";
$dbUser = "tysonmoyes";
$dbPassword = "F!lmtrepid";
$db = "tysonmoyes";
$dbConn = new mysqli($dbHost, $dbUser, $dbPassword, $db);
$this->dbConn = $dbConn;
return $dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->connection);
}
}
?>
为什么,不建立一个数据库连接链接。是否每次都不使用getConnected方法与数据库建立新连接 在类数据库的方法close中,$this->connection是什么,也许它一定是一个连接链接
class DATABASE
{
protected $dbConn; //connection link
protected static $dbHost = "localhost";
protected static $dbUser = "tysonmoyes";
protected static $dbPassword = "F!lmtrepid";
protected static $db = "tysonmoyes";
public function __construct() {
$this->getConnected();
}
public function getConnected() {
//if connection link allready exists return it;
if(isset($this->dbConn)) {
return $this->dbConn;
}
$this->dbConn = new mysqli(self::$dbHost, self::$dbUser, self::$dbPassword, self::$db);
return $this->dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->dbConn);
}
}
正如我的评论和其他人提到的,首先返回连接 我个人认为PDO会是一个更好的选择,因为参数化非常简单,但您可能应该使用
mysqli\uuu<?php
class Database
{
private static $singleton,
$con;
# I LIKE TO RETURN THE SAME INSTANCE OF A CLASS HERE, OPTIONAL
public function __construct()
{
if(!(self::$singleton instanceof Database))
self::$singleton = $this;
return self::$singleton;
}
# I LIKE TO STORE THE CONNECTIONS AND RETURN IT INSTEAD OF POSSIBLY
# CREATING A NEW INSTANCE
public function getConnected()
{
# IF THIS STATIC IS NOT A CONNECTION, MAKE ONE
if(!(self::$con instanceof MySQLi))
self::$con = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# RETURN THE CONNECTION
return self::$con;
}
public function query($sql)
{
return mysqli_query(self::$con, $sql);
}
public function close()
{
mysqli_close(self::$con);
}
}
<?php
# I PERSONALLY LIKE TO USE A CONFIG (PREFS FILE) TO STORE MY DB INFO INCASE IT CHANGES
define('DB_HOST',"localhost");
define('DB_USER',"tysonmoyes");
define('DB_PASS',"F!lmtrepid");
define('DB_NAME',"tysonmoyes");
define('DS',DIRECTORY_SEPARATOR);
# I ALSO LIKE TO STORE PATH CONSTANTS SO IT'S AN EASY AND CONSISTANT WAY TO
# LOCATE/INCLUDE FILES
define('ROOT_DIR',__DIR__);
define('CLASS_DIR',ROOT_DIR.DS.'classes');
# START SESSION
session_start();
# USING AN AUTOLOADER IS A MUST ON CLASSES
spl_autoload_register(function($class) {
if(class_exists($class))
return;
# SHOULD RETURN A PATH LIKE:
# /var/www/domain/httpdocs/myproject/classes/Database.php
# WHEN CALLING $Database = new Database();
$path = str_replace(DS.DS,DS,CLASS_DIR.DS.str_replace("\\",DS,$class)).'.php';
# Presuming the file is named properly (and I have done the path right),
# it would add the class file for you without using include anywhere.
if(is_file($path))
include_once($path);
});
<?php
class User
{
private $conn;
# I WOULD SET ALL USER INFO TO AN ARRAY INSTEAD OF IN SEPARATE VARIABLES
private $userData = array();
# I MIGHT HINT AT TYPE HERE
public function __construct(\Database $conn)
{
$this->conn = $conn;
}
public function createNewUser($username, $password)
{
$username = trim($username);
$password = trim($password);
// Encrypt password
$password = password_hash($password);
// Check if username already exists
# SQL INJECTION ISSUE HERE, YOU NEED TO BIND PARAMS HERE
$checkSQL = "SELECT * FROM users WHERE username = '$username'";
$checkResult = $this->conn->query($checkSQL);
if($checkResult->num_rows > 0) {
$error = "true";
$errorMessage = "This username has already been taken. Please try again";
}
else {
# INJECTION ISSUE HERE
$insertSQL = "INSERT INTO users(username, password) VALUES('$username', '$password')";
//$insertResult = $this->conn->query($insertSQL);
// Get the user ID
$userID = $this->conn->getConnected()->insert_id;
// Set the SESSION globals
$_SESSION['username'] = $username;
$_SESSION['userID'] = $userID;
}
}
public function login($username, $password)
{
# YOU SHOULD NOT BE INJECTING HERE. I USE PDO, SO I WON'T
# ATTEMPT A GOOD FIX HERE...BUT A FIX IS REQUIRED
# YOU SHOULD ALSO NOT MATCH PASSWORD HERE, JUST USERNAME
# USE password_verify() TO MATCH HASH
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $this->conn->query($sql);
$row = $this->conn->getConnected()->fetch_array($result, MYSQL_ASSOC);
# DO A CHECK FIRST THAT THERE IS A ROW RETURNED FOR USERNAME (NOT SHOWN IN MY EXAMPLE...)
# DO THE MATCH HERE
$valid = password_verify($_POST['password'],$row['password']);
if($valid) {
// Set Session Variables
$_SESSION['username'] = $username;
$_SESSION['userID'] = $row['userID'];
return true;
}
}
public function isLoggedIn()
{
if(isset($_SESSION['username'])) {
return true;
}
else {
return false;
}
}
public function redirect($url)
{
header("Location: $url");
# YOU SHOULD EXIT HERE
exit;
}
public function logout()
{
session_destroy();
unset($_SESSION['username']);
# YOU SHOULD PROBABLY REDIRECT HERE TO REFRESH THE SESSION
}
}
# INCLUDE THE CONFIG ON ALL PAGES
include(__DIR__.DIRECTORY_SEPARATOR.'config.php');
$Database = new Database();
$User = new User($Database);
你为什么不在你的用户类中继承(扩展)你的数据库类呢?Rohit,正确的格式应该是:class USER extend Database,correct?
class USER extends Database//包含数据库信息require\u一次('class.Database.php')$link=新数据库()$this->myConn$this->conn$this->dbConngetConnected()\uu结构中的返回
-这有什么意义?我不认为应该是特里亚,真的@return语句必须在方法getConnected中(因为它是从_构造调用的)。