PHP class: using a query function in another PHP file
I have two class files: one named class.database.php, which is only for any functions that must be performed on the database (connect, disconnect, query, etc.). This is class.database.php:
<?php
class DATABASE
{
public function __construct() {
$this->getConnected();
}
public function getConnected() {
$dbHost = "localhost";
$dbUser = "tysonmoyes";
$dbPassword = "F!lmtrepid";
$db = "tysonmoyes";
$dbConn = new mysqli($dbHost, $dbUser, $dbPassword, $db);
$this->dbConn = $dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->connection);
}
}
?>
My second class file is named class.users.php, and it handles all the information on user accounts. It looks like this:
<?php
include_once('config.php');
class USER
{
private $conn;
// All the variables needed for the user profile.
public $username;
public $userID;
public $password;
public $firstName;
public $lastName;
public $emailAddress;
public $address;
public $city;
public $province;
public $country;
var $myConn;
function __construct($conn){
$this->myConn = $conn;
}
function createNewUser($username, $password) {
// Clean inputs
$username = trim($username);
$password = trim($password);
// Encrypt password
$password = md5($password);
// Check if username already exists
$checkSQL = "SELECT * FROM users WHERE username = '$username'";
$checkResult = $this->myConn->queryDB($checkSQL);
if($checkResult->num_rows > 0) {
$error = "true";
$errorMessage = "This username has already been taken. Please try again";
}
else {
$insertSQL = "INSERT INTO users(username, password) VALUES('$username', '$password')";
//$insertResult = $this->callDB()->query($insertSQL);
// Get the user ID
$userID = $this->insert_id;
// Set the SESSION globals
$_SESSION['username'] = $username;
$_SESSION['userID'] = $userID;
}
}
function login($username, $password) {
$sql = "SELECT * FROM users WHERE username = '$username' && password = '$password'";
$result = $this->conn->query($sql);
$row = $this->conn->fetch_array($result, MYSQL_ASSOC);
$count = $this->conn->num_rows($result);
if ($count == 1) {
// Set Session Variables
$_SESSION['username'] = $username;
$_SESSION['userID'] = $row['userID'];
return true;
}
}
function isLoggedIn() {
if(isset($_SESSION['username'])) {
return true;
}
else {
return false;
}
}
function redirect($url) {
header("Location: $url");
}
function logout() {
session_destroy();
unset($_SESSION['username']);
}
}
?>
As you can see, class.user.php calls a "config.php" file, which creates a new DATABASE and a new USER using the link created when the new DATABASE was created:
<?php
// Turn on all error reporting
ERROR_REPORTING(E_ALL);
ini_set('display_errors', 1);
// Start Session
session_start();
// Set error to false, and blank error message
$error = "false";
$errorMessage = "";
// Include Database info
require_once('class.database.php');
$link = new DATABASE();
// Include User info
require_once('class.user.php');
// Create instance for user class
$activeUser = new USER($link);
?>
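Now, I want to focus on my queries, because none of them work, and I understand why. The query function is in the DATABASE class, but $this points to the USER class.
My question is: how should I write my queries so that they correctly call the DATABASE class?
Also, before anyone mentions it: yes, I know md5 is a no-no, but this is for a class project that will use mock user data, and our professor said md5 is sufficient encryption for this project.
Edit: For the sake of this, can we focus on the createNewUser function in class.user.php? That's the one I'm currently playing with.
I think you forgot to return the database connection link.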
Database class:
<?php
class DATABASE
{
public function __construct() {
$this->getConnected();
}
public function getConnected() {
$dbHost = "localhost";
$dbUser = "tysonmoyes";
$dbPassword = "F!lmtrepid";
$db = "tysonmoyes";
$dbConn = new mysqli($dbHost, $dbUser, $dbPassword, $db);
$this->dbConn = $dbConn;
return $dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->connection);
}
}
?>
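Why not establish a single database connection link? Doesn't the getConnected method create a new connection to the database every time it is called? And in the close method of the DATABASE class, what is $this->connection? Maybe it should be the connection link.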
class DATABASE
{
protected $dbConn; //connection link
protected static $dbHost = "localhost";
protected static $dbUser = "tysonmoyes";
protected static $dbPassword = "F!lmtrepid";
protected static $db = "tysonmoyes";
public function __construct() {
$this->getConnected();
}
public function getConnected() {
//if connection link allready exists return it;
if(isset($this->dbConn)) {
return $this->dbConn;
}
$this->dbConn = new mysqli(self::$dbHost, self::$dbUser, self::$dbPassword, self::$db);
return $this->dbConn;
}
function queryDB($queryString) {
return mysqli_query($this->getConnected(), $queryString);
}
public function close() {
mysqli_close($this->dbConn);
}
}
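As my comment and others have mentioned, return the connection first. I personally think PDO would be a better choice, because parameterization is very simple, but you are probably supposed to use mysqli_, so I will modify your setup a bit. This is not tested, it just notes the differences: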
/classes/Database.php
<?php
class Database
{
private static $singleton,
$con;
# I LIKE TO RETURN THE SAME INSTANCE OF A CLASS HERE, OPTIONAL
public function __construct()
{
if(!(self::$singleton instanceof Database))
self::$singleton = $this;
return self::$singleton;
}
# I LIKE TO STORE THE CONNECTIONS AND RETURN IT INSTEAD OF POSSIBLY
# CREATING A NEW INSTANCE
public function getConnected()
{
# IF THIS STATIC IS NOT A CONNECTION, MAKE ONE
if(!(self::$con instanceof MySQLi))
self::$con = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# RETURN THE CONNECTION
return self::$con;
}
public function query($sql)
{
# USE getConnected() SO THE CONNECTION EXISTS BEFORE THE FIRST QUERY
return mysqli_query($this->getConnected(), $sql);
}
public function close()
{
mysqli_close(self::$con);
}
}
<?php
# I PERSONALLY LIKE TO USE A CONFIG (PREFS FILE) TO STORE MY DB INFO INCASE IT CHANGES
define('DB_HOST',"localhost");
define('DB_USER',"tysonmoyes");
define('DB_PASS',"F!lmtrepid");
define('DB_NAME',"tysonmoyes");
define('DS',DIRECTORY_SEPARATOR);
# I ALSO LIKE TO STORE PATH CONSTANTS SO IT'S AN EASY AND CONSISTANT WAY TO
# LOCATE/INCLUDE FILES
define('ROOT_DIR',__DIR__);
define('CLASS_DIR',ROOT_DIR.DS.'classes');
# START SESSION
session_start();
# USING AN AUTOLOADER IS A MUST ON CLASSES
spl_autoload_register(function($class) {
if(class_exists($class))
return;
# SHOULD RETURN A PATH LIKE:
# /var/www/domain/httpdocs/myproject/classes/Database.php
# WHEN CALLING $Database = new Database();
$path = str_replace(DS.DS,DS,CLASS_DIR.DS.str_replace("\\",DS,$class)).'.php';
# Presuming the file is named properly (and I have done the path right),
# it would add the class file for you without using include anywhere.
if(is_file($path))
include_once($path);
});
<?php
class User
{
private $conn;
# I WOULD SET ALL USER INFO TO AN ARRAY INSTEAD OF IN SEPARATE VARIABLES
private $userData = array();
# I MIGHT HINT AT TYPE HERE
public function __construct(\Database $conn)
{
$this->conn = $conn;
}
public function createNewUser($username, $password)
{
$username = trim($username);
$password = trim($password);
// Hash password (password_hash() requires the algorithm argument)
$password = password_hash($password, PASSWORD_DEFAULT);
// Check if username already exists
# SQL INJECTION ISSUE HERE, YOU NEED TO BIND PARAMS HERE
$checkSQL = "SELECT * FROM users WHERE username = '$username'";
$checkResult = $this->conn->query($checkSQL);
if($checkResult->num_rows > 0) {
$error = "true";
$errorMessage = "This username has already been taken. Please try again";
}
else {
# INJECTION ISSUE HERE
$insertSQL = "INSERT INTO users(username, password) VALUES('$username', '$password')";
//$insertResult = $this->conn->query($insertSQL);
// Get the user ID
$userID = $this->conn->getConnected()->insert_id;
// Set the SESSION globals
$_SESSION['username'] = $username;
$_SESSION['userID'] = $userID;
}
}
public function login($username, $password)
{
# YOU SHOULD NOT BE INJECTING HERE. I USE PDO, SO I WON'T
# ATTEMPT A GOOD FIX HERE...BUT A FIX IS REQUIRED
# YOU SHOULD ALSO NOT MATCH PASSWORD HERE, JUST USERNAME
# USE password_verify() TO MATCH HASH
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $this->conn->query($sql);
# fetch_array() IS A METHOD OF THE RESULT OBJECT; MYSQL_ASSOC IS NOW MYSQLI_ASSOC
$row = $result->fetch_array(MYSQLI_ASSOC);
# DO A CHECK FIRST THAT THERE IS A ROW RETURNED FOR USERNAME (NOT SHOWN IN MY EXAMPLE...)
# DO THE MATCH HERE, AGAINST THE $password ARGUMENT
$valid = password_verify($password, $row['password']);
if($valid) {
// Set Session Variables
$_SESSION['username'] = $username;
$_SESSION['userID'] = $row['userID'];
return true;
}
}
public function isLoggedIn()
{
if(isset($_SESSION['username'])) {
return true;
}
else {
return false;
}
}
public function redirect($url)
{
header("Location: $url");
# YOU SHOULD EXIT HERE
exit;
}
public function logout()
{
session_destroy();
unset($_SESSION['username']);
# YOU SHOULD PROBABLY REDIRECT HERE TO REFRESH THE SESSION
}
}
# INCLUDE THE CONFIG ON ALL PAGES
include(__DIR__.DIRECTORY_SEPARATOR.'config.php');
$Database = new Database();
$User = new User($Database);
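The bound-parameter fix that the answer's comments call for, written with mysqli prepared statements as an added example (not the answerer's code). It assumes a `users` table with columns userID, username and password, a session already started as in config.php, and free functions that take a mysqli connection instead of the page's Database wrapper.

```php
<?php
// Added example. Assumed schema: users(userID AUTO_INCREMENT,
// username UNIQUE, password VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Returns the new userID, or null when the username is already taken.
function createNewUser(mysqli $db, string $username, string $password): ?int
{
    $username = trim($username);

    // The value travels separately from the SQL text, so quotes in
    // $username cannot change the structure of the query.
    $check = $db->prepare('SELECT userID FROM users WHERE username = ?');
    $check->bind_param('s', $username);
    $check->execute();
    $check->store_result();
    $taken = $check->num_rows > 0;
    $check->close();
    if ($taken) {
        return null;
    }

    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $insert->bind_param('ss', $username, $hash);
    $insert->execute();
    $id = (int) $insert->insert_id; // read before closing the statement
    $insert->close();
    return $id;
}

// Returns the userID on success, null on unknown user or wrong password.
function login(mysqli $db, string $username, string $password): ?int
{
    // Look up by username only; the hash is compared in PHP, not in SQL.
    $stmt = $db->prepare('SELECT userID, password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($userID, $hash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();

    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    session_regenerate_id(true); // issue a fresh session ID after authentication
    $_SESSION['username'] = $username;
    $_SESSION['userID'] = (int) $userID;
    return (int) $userID;
}
```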
Why don't you inherit (extend) your Database class in your User class?
Rohit, the correct format would be: class USER extend Database, correct?
class USER extends Database
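In that case you don't need this: // Include Database info require_once('class.database.php'); $link = new DATABASE();
Your login is not using the correct connection; from what I see, you should be using $this->myConn instead of $this->conn. Finally, your $this->dbConn needs to be returned in the getConnected() method. That is probably the main reason the connection isn't working.
The return in __construct - what's the point of that? I don't think it should be there, really.
The return statement must be in the getConnected method (because it is called from __construct).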