如果在php类中建立连接并且在单独的函数文件中使用mysqli_real_escape_string函数,如何使用mysql连接?
[英]How can I use mysql connection if connection is made in a php class and the function mysqli_real_escape_string is used in a separate functions file?
问题描述
I am working on a project in which I am using mysqli extension. 
我正在使用mysqli扩展的项目中工作。 I have made mysql connection in a PHP class called Connect.class.php like this - 我已经在名为Connect.class.php的PHP类中建立了mysql连接,如下所示:
// connect to db
public function connect()
{
$this->con = @mysqli_connect($this->db_host, $this->db_username, $this->db_password, $this->db_name) or die("Couldn't connect! " . mysqli_connect_error());
return $this->con;
}
And I have one another file called functions.php in which I am sanitizing the input data like this - 我还有一个名为functions.php的文件,其中我正在清理输入数据,如下所示-
// filter user input data
function filter_data($input)
{
$sanitized_data = mysqli_real_escape_string(connection, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
return $sanitized_data;
}
Now the above code will not work since it has not correct connection parameter. 现在上面的代码将不起作用,因为它没有正确的连接参数。 I am not understanding how can I provide it proper connection that is made from my PHP class Connect.class.php. 我不明白如何提供由我的PHP类Connect.class.php建立的正确连接。 Since the property of an object can not be used in a function of a separate file ie i cant use $this->con. 由于对象的属性不能用于单独文件的功能,即我不能使用$ this-> con。
If I use simple mysql in place of mysqli then there is no problem at all since mysql_real_escape_string() doesn't need connection as a necessary parameter. 如果我使用简单的mysql代替mysqli,那么根本没有问题,因为mysql_real_escape_string()不需要连接作为必要的参数。 So what to do in this situation? 那么在这种情况下该怎么办?
1 个解决方案
解决方案1
0 已采纳 2014-07-15 07:01:06
You can do it by more than one way : 您可以通过多种方法来实现:
1.1- Try putting the escape function inside the connect class, inside a function. 1.1-尝试将转义功能放在函数内的connect类中。
//Make a function _escape($str) and put mysqli_real_escape_string($this->con,$str) in it
//Connect.class.php
public function _escape($str){
return mysqli_real_escape_string($this->con, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
}
1.2.1 (Sub method 1) Create an object of connect inside the function and run the escape method 1.2.1(子方法1)在函数内部创建一个connect对象并运行转义方法
// filter user input data
function filter_data($input)
{
$db = new Connect();
$db->connect();
return $db->_escape($input);
}
1.2.2 (Sub method 2) Just run the escape method outside filter_data, don't use this function any more 1.2.2(子方法2)只需在filter_data外部运行转义方法,就不再使用此函数
$db = new Connect();
$db->connect();
$filtered = $db->_escape($input);
2.1 Use the same approach as in one but don't put the escape function inside connect just make an extended class(Example dbFilter) and put it in there 2.1使用与第一种方法相同的方法,但不要将转义函数放在connect内部,只需制作一个扩展类(示例dbFilter)并将其放在其中
3.1 Use the connection object return by connect function 3.1使用connect函数返回的连接对象
// altered filter user input data
function filter_data($input, $conn)
{
$sanitized_data = mysqli_real_escape_string($conn, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
return $sanitized_data;
}
//call it
$db = new Connect();
$conn = $db->connect();
filter_data($input, $conn);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.