在PHP函数中启用db连接访问
我有一个简短的问题。我有一个检查密码是否有效的文件: 检查:在PHP函数中启用db连接访问,php,function,Php,Function,我有一个简短的问题。我有一个检查密码是否有效的文件: 检查: <?php include('inc/db.php'); include('inc/functions.php'); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; validateInput($myusername, $mypassword); ?> 功能: <?php
<?php
include('inc/db.php');
include('inc/functions.php');
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
validateInput($myusername, $mypassword);
?>
<?php
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
?>
您的问题可能很简单,但实际上非常广泛,有很多解决方案
示例不多:
好的一个单身汉
及
甚至更好的单体数据访问层
及
你可以在网上找到很多预制的DB类
谷歌的第一个结果-
坏的单球
及
一次错误-作为参数传递$conn
(根据@LucM的建议)
(为什么不好?因为很可能您没有两个数据库,所以以这种方式编写代码是毫无意义的)
函数验证输入($conn、$naam、$password){
$myusername=stripslashes($naam);
$mypassword=stripslashes($password);
$myusername=$conn->real\u escape\u字符串($myusername);
$mypassword=$conn->real\u escape\u字符串($mypassword);
$sql=“从用户中选择*,其中naam='$myusername'和paswoord='$mypassword';
$result=$conn->query($sql);
如果($result->num_rows>0){
回声“英格洛格”;
}否则{
呼应“尼特·英格洛德”;
}
}
$conn=newmysqli($servername、$username、$password、$dbname);
//检查连接
如果($conn->connect\u错误){
die(“连接失败:”.$conn->connect\U错误);
}
否则{
回声“作品
”;
}
..
验证输入($conn、$naam、$password);
另外值得一提的是,您不应该使用stripslashes
和real\u escape\u string
。PHP的mysqli模块支持,最好使用它们,而不是自己转义数据。您必须在validateInput函数中定义$conn。您需要在validateInput()函数的范围内提供$conn
。可能会添加global$conn会有帮助。你也可以将连接作为参数传递。太棒了!一个简单的问题。在singleton示例中。我是否应该在get_instance函数中包含服务器名称和其他连接变量?@Merijndk这完全取决于您,您可以使用$username=“…”创建单独的文件,如“db_config.php”;“$servername=“…”etc
并在连接之前包含它,因此包含“db_config.php”;$conn=new static($servername、$username、$password、$dbname);
<?php
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else{
echo "works<br/><br/>";
}
class db extends mysqli {
static public function get_instance() {
static $conn = null;
if($conn == null) {
$conn = new static($servername, $username, $password, $dbname);
}
return $conn;
}
}
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = db::get_instance()->real_escape_string($myusername);
$mypassword = db::get_instance()->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = db::get_instance()->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
class db {
protected $conn;
static public function get_instance() {
static $obj = null;
if($obj == null) {
$obj = new static();
}
return $obj;
}
public function __construct() {
$this->conn = new mysqli($servername, $username, $password, $dbname);
}
public function query($sql) {
return $this->conn->query($sql);
}
public function escape($string) {
return $this->conn->real_escape_string($string);
}
// this is good because you can handle errors etc, add insert/delete/update functions etc.
public function insert($table_name, $fields) {
// ..
}
public function update($table_name, $data, $where = null, $limit = null) {
// ..
}
public function select($table_name, $where = null, $order_by = null, $limit = null) {
// ..
}
// etc.
}
function validateInput($naam, $password) {
..
$myusername = db::get_instance()->escape($myusername);
$mypassword = db::get_instance()->escape($mypassword);
..
$result = db::get_instance()->query($sql);
}
function validateInput($naam, $password) {
global $conn; // <-------- HERE
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
$conn = new mysqli($servername, $username, $password, $dbname);
$GLOBALS['db'] = $conn;
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $GLOBALS['db']->real_escape_string($myusername);
$mypassword = $GLOBALS['db']->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $GLOBALS['db']->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
function validateInput($conn, $naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else{
echo "works<br/><br/>";
}
..
validateInput($conn, $naam, $password);