我有一个简单的问题。我有这个文件检查密码是否有效:
检查:
<?php
include('inc/db.php');
include('inc/functions.php');
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
validateInput($myusername, $mypassword);
?>
功能:
<?php
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
?>
和
<?php
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else{
echo "works<br/><br/>";
}
&GT;
现在由于某种原因,validateInput函数无法访问db。它不识别$ conn var并给我这个致命错误致命错误:在第12行的mysite.nl/functions.php中调用非对象的成员函数query()
我已经完成了包含,因为db.php输出在check.php页面上有效。我做错了什么,我需要全局变量吗?
提前Thanx!
答案 0 :(得分:3)
你的问题可能很简单但实际上非常广泛,那里有很多解决方案。
几个例子:
class db extends mysqli {
static public function get_instance() {
static $conn = null;
if($conn == null) {
$conn = new static($servername, $username, $password, $dbname);
}
return $conn;
}
}
和
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = db::get_instance()->real_escape_string($myusername);
$mypassword = db::get_instance()->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = db::get_instance()->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
class db {
protected $conn;
static public function get_instance() {
static $obj = null;
if($obj == null) {
$obj = new static();
}
return $obj;
}
public function __construct() {
$this->conn = new mysqli($servername, $username, $password, $dbname);
}
public function query($sql) {
return $this->conn->query($sql);
}
public function escape($string) {
return $this->conn->real_escape_string($string);
}
// this is good because you can handle errors etc, add insert/delete/update functions etc.
public function insert($table_name, $fields) {
// ..
}
public function update($table_name, $data, $where = null, $limit = null) {
// ..
}
public function select($table_name, $where = null, $order_by = null, $limit = null) {
// ..
}
// etc.
}
和
function validateInput($naam, $password) {
..
$myusername = db::get_instance()->escape($myusername);
$mypassword = db::get_instance()->escape($mypassword);
..
$result = db::get_instance()->query($sql);
}
你可能会在网上找到很多预制的DB课程
Google的第一个结果 - https://github.com/joshcam/PHP-MySQLi-Database-Class
function validateInput($naam, $password) {
global $conn; // <-------- HERE
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
$conn = new mysqli($servername, $username, $password, $dbname);
$GLOBALS['db'] = $conn;
和
function validateInput($naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $GLOBALS['db']->real_escape_string($myusername);
$mypassword = $GLOBALS['db']->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $GLOBALS['db']->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
$conn作为参数(由@LucM建议)
(为什么它不好?因为很可能你没有两个数据库,所以以这种方式编写代码毫无意义)
function validateInput($conn, $naam, $password) {
$myusername = stripslashes($naam);
$mypassword = stripslashes($password);
$myusername = $conn->real_escape_string($myusername);
$mypassword = $conn->real_escape_string($mypassword);
$sql = "SELECT * FROM user WHERE naam='$myusername' and paswoord='$mypassword'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "ingelogd";
}else{
echo "niet ingelogd ";
}
}
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else{
echo "works<br/><br/>";
}
..
validateInput($conn, $naam, $password);
值得一提的是,您不应该使用stripslashes和real_escape_string。 PHP的mysqli模块支持Prepared Statements,使用它们代替自己逃避数据是一种很好的做法。