[英]real_escape_string is not working for php oop
I have two classes which are below: 我有以下两个课程:
class-1: connection_class.php 第1类:connection_class.php
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
}
and a loginclass: class-2: login_class.php 和一个登录类:class-2:login_class.php
class login{
private $conn;
function __construct($con){
if($con->connection==FALSE){
echo $con->warn;
exit();
}else{
$this->conn=$con->connection;
}
}
public function get_user($sql){
$this->db_select('database_name');
$result = $this->conn->query($logopt['sql']);
if($result->num_rows>=1){
return $result;
}else{
return FALSE;
}
}
}
Now from login page: Page: login.php 现在从登录页面:页面:login.php
include_once('connection_class.php');
$con = new connection();
include_once('login_class.php');
$login = new login($con);
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
$user=$login->getuser($sql);
if($user){
echo 'User found';
}else{
echo 'User not found';
}
Here If I use real_escape_string($user_name) or mysqli_real_escape_string($user_name), login.php is showing following error: 在这里,如果我使用real_escape_string($ user_name)或mysqli_real_escape_string($ user_name),login.php显示以下错误:
Fatal error: Call to undefined function real_escape_string() in ...........
致命错误:在.........中调用未定义的函数real_escape_string()
How can I user real_escape_string in my case? 我该如何使用real_escape_string?
Since you are wrapping your mysqli connection in another class, you will need to expose a method for calling real_escape_string
in your connection class. 由于将mysqli连接包装在另一个类中,因此需要在连接类中公开一个用于调用
real_escape_string
的方法。
eg: 例如:
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
public function real_escape_string($string) {
// todo: make sure your connection is active etc.
return $this->conn->real_escape_string($string);
}
}
And then, change 然后,改变
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
to 至
$sql= "SELECT * FROM access WHERE username='".$con->real_escape_string($user_name)."' AND password='".$pass_word."'";
Bonus comment: your login
class isn't actually using your connection to run queries. 值得一提的是:您的
login
类实际上并未使用您的连接来运行查询。 You need to fix that (specifically: $this->db_select('database_name');
). 您需要解决此问题(特别是:
$this->db_select('database_name');
)。
You forget to add msql_
at the beginning of the function the correct function is mysql_real_escape_string();
您忘了在函数开头添加
msql_
,正确的函数是mysql_real_escape_string();
msql_
use this instead of real_escape_string();
用它代替
real_escape_string();
as stated above. 如上所述。
Hope this will solve your problem. 希望这能解决您的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.