如何通过用户输入在 PHP 中使用 getter 和 setter

How To Use Getters And Setters In PHP With User Input

我已经创建了一个注册表单,现在我想使用 Getters 和 Setters 插入数据。我创建了 intAll.php 文件,其中包含 HTML 结构和 PHP 函数,然后我创建了 Encap.php 文件,其中包含数据库连接、我的 SQL 查询和 Getters/Setters。现在我想将我的输入数据传递到 Encap.php 文件,我想在 Encap.php 文件中捕获它们并插入到我的 SQL 数据库中,但我的代码不起作用。

那么,如何解决这个问题?

intAll.php File

<?php  

 include 'Encap.php';  
 $InsertData = new Databases; 

 $success_message = '';  
 if(isset($_POST["submit"]))  
 {  

    $InsertData->setName($_POST['name']);
    $InsertData->setUsername($_POST['username']);
    $InsertData->setPassword($_POST['password']);

    //$name=$_POST['name'];
    //$username=$_POST['username'];
    //$password=$_POST['password'];

      if($InsertData->insertsingle())  
      {  
           $success_message = 'Post Inserted';  
      }       
 }  
 ?>  
 <!DOCTYPE html>  
 <html>  
      <head>  
           <title>Insert data into Table using OOPS in PHP</title>  
           <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />  
           <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>  
           <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>  
      </head>  
      <body>  
           <br /><br />  
           <div class="container" style="width:700px;">  
                <form method="post">  
                     <label>Name</label>  
                     <input type="text" name="name" class="form-control" />  
                     <br />  
                     <label>Username</label>  
                     <input type="text" name="username" class="form-control" />  
                     <br /> 
                     <label>Password</label>  
                     <input type="text" name="password" class="form-control" />  
                     <br />
                     <input type="submit" name="submit" class="btn btn-info" value="Submit" />  
                     <span class="text-success">  
                     <?php  
                     if(isset($success_message))  
                     {  
                          echo $success_message;  
                     }  
                     ?>  
                     </span>  
                </form>  
           </div>  
      </body>  
 </html>

Encap.php File

<?php   

 class Databases{  
      public $con;  

      private $id;
      private $name;
      private $username;
      private $password;

      function setId($id) { 
          $this->id = $id; 
          }

      function getId() {
          return $this->id; 
          }

      function setName($name) { 
          $this->name = $name; 
          }

      function getName() { 
          return $this->name; 
          }

      function setUsername($username) { 
          $this->username = $username; 
          }

      function getUsername() { 
          return $this->username; 
          }

      function setPassword($password) { 
          $this->password = $password; 
          }

      function getPassword() { 
          return $this->password; 
          }

      public function __construct()  
      {  
           $this->con = mysqli_connect("localhost", "root", "", "portal");  
           if(!$this->con)  
           {  
                echo 'Database Connection Error ' . mysqli_connect_error($this->con);  
           }  
      }

        public function insertsingle()  
      {  
           $string = "INSERT INTO academic (name,username,pw) VALUES ('getName()','getUserName()','getPassword()')";
           $rsint=mysqli_query($this->con, $string);  
           return $rsint;
      }

 }  
 ?>

您不能在字符串中调用函数。你应该中断你的字符串来做到这一点:

public function insertsingle()  
{  
     $string = "INSERT INTO academic (name,username,pw) VALUES ('" . $this->getName() . "','" . $this->getUserName() . "','" . $this->getPassword() . "')";
     $rsint=mysqli_query($this->con, $string);  
     return $rsint;
}

但是,由于您没有在任何地方清理用户输入,此代码容易受到 SQL 注入攻击,您应该改用准备好的语句(注意:未经测试的代码,可能需要调整一点点):

public function insertsingle()  
{  
     $string = "INSERT INTO academic (name,username,pw) VALUES (?, ?, ?)";
     $stmt = mysqli_prepare($this->con, $string);
     $stmt->bind_param("sss", $this->getName(), $this->getUserName(), $this->getPassword());
     $rsint = $stmt->execute();
     return $rsint;
}