[英]real_escape_string is not working for php oop
我有以下兩個課程:
第1類:connection_class.php
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
}
和一個登錄類:class-2:login_class.php
class login{
private $conn;
function __construct($con){
if($con->connection==FALSE){
echo $con->warn;
exit();
}else{
$this->conn=$con->connection;
}
}
public function get_user($sql){
$this->db_select('database_name');
$result = $this->conn->query($logopt['sql']);
if($result->num_rows>=1){
return $result;
}else{
return FALSE;
}
}
}
現在從登錄頁面:頁面:login.php
include_once('connection_class.php');
$con = new connection();
include_once('login_class.php');
$login = new login($con);
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
$user=$login->getuser($sql);
if($user){
echo 'User found';
}else{
echo 'User not found';
}
在這里,如果我使用real_escape_string($ user_name)或mysqli_real_escape_string($ user_name),login.php顯示以下錯誤:
致命錯誤:在.........中調用未定義的函數real_escape_string()
我該如何使用real_escape_string?
由於將mysqli連接包裝在另一個類中,因此需要在連接類中公開一個用於調用real_escape_string
的方法。
例如:
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
public function real_escape_string($string) {
// todo: make sure your connection is active etc.
return $this->conn->real_escape_string($string);
}
}
然后,改變
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
至
$sql= "SELECT * FROM access WHERE username='".$con->real_escape_string($user_name)."' AND password='".$pass_word."'";
值得一提的是:您的login
類實際上並未使用您的連接來運行查詢。 您需要解決此問題(特別是: $this->db_select('database_name');
)。
您忘了在函數開頭添加msql_
,正確的函數是mysql_real_escape_string();
msql_
用它代替real_escape_string();
如上所述。
希望這能解決您的問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.