[英]Php oop not getting data from db
So I have this piece of code that I just followed some guide to create, 所以我有一段代码,我只是按照一些指南来创建的,
<?php
session_start();
if (isset($_POST['submit'])) {
include 'db.conf.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$_SESSION['uid'] = $uid;
//Error handleri
//Check jesu inputi empty
if (empty($uid) || empty($pwd))
{
header("Location: ../index.php?login=empty");
exit();
}
else
{
$sql = "SELECT * FROM users WHERE user_uid = '$uid' OR user_email = '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1)
{
header("Location: ../index.php?login=usernamenepostoji");
exit();
}
else
{
if ($row = mysqli_fetch_assoc($result)) {
//Dehashiranje
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=invalidpass");
exit();
}
elseif ($hashedPwdCheck == true)
{
//Logiranje
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
}
else
{
header("Location: ../index.php?login=error");
exit();
}
?>
It's just simple error handling and logging in that works. 只是简单的错误处理和登录即可。 I understand it and wanted to recreate it with a bit more oop. 我理解它,并希望再加上一点。
<?php
session_start();
include 'db.conf.php';
class Login
{
public $username;
public $password;
function __construct()
{
$this->username = $_POST['uid'];
$this->password = $_POST['pwd'];
$this->checkinputs();
}
function checkinputs()
{
if (empty($this->username) || empty($this->password))
{
header("Location: ../index.php?login=empty");
exit();
}
else
{
$username = $this->username;
$sql = "SELECT * FROM users WHERE user_uid =".$username;
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1)
{
header("Location: ../index.php?login=usernamenepostoji");
exit();
}
else
{
if ($row = mysqli_fetch_assoc($result)) {
//Dehashiranje
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=invalidpass");
exit();
}
elseif ($hashedPwdCheck == true)
{
//Logiranje
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
}
}
?>
This is what I got, it's literally the same code just using functions and other things to 'seperate' it into chunks. 这就是我得到的,只是使用函数和其他东西将其“分离”成块而已,实际上是相同的代码。 It doesn't work. 没用 I keep getting stuck on the if $resultCheck < 1 header which means that the username doesn't exist. 我一直卡在if $ resultCheck <1标头上,这意味着用户名不存在。 Though I'm sure it does since nothing changed in the db. 虽然我确定是可以的,因为数据库中没有任何变化。 So it lead me to thinking its the $conn, it just doesn't connect to the database. 因此,它使我想到了它的$ conn,它只是没有连接到数据库。 I've dumped the $username variable in a file to check if it works, it does. 我已经将$ username变量转储到文件中,以检查它是否有效。 I just have no idea how to proceed. 我只是不知道如何进行。
$conn
doesn't exist in method checkinputs()
. $conn
在方法checkinputs()
中不存在。
Either make it global: 使其成为全球性:
function checkinputs()
{
global $conn;
...
}
which I would not recommend (because using globals is disencouraged ). 我不建议这样做(因为不建议使用globals )。
or pass it into Login::_construct()
and set it to $this->conn
(then use it as $this->conn
: $result = mysqli_query($this->conn, $sql);
): 或将其传递到Login::_construct()
并将其设置为$this->conn
(然后将其用作$this->conn
: $result = mysqli_query($this->conn, $sql);
):
function __construct($conn)
{
$this->conn = $conn; // maybe also check if you have a valid connection!
$this->username = $_POST['uid'];
$this->password = $_POST['pwd'];
$this->checkinputs();
}
function checkinputs()
{
// no global now!
....
$result = mysqli_query($this->conn, $sql);
....
}
BUT : please switch to prepared stements . 但是 :请切换到准备好的角色 。 This code is vulnerable to sql injection! 此代码容易受到sql注入的攻击!
related: Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors? 相关: 参考:什么是变量范围,哪些变量可从何处访问,什么是“未定义的变量”错误?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.