real_escape_string 不适用于 php oop
real_escape_string is not working for php oop
我有两个class如下:
class-1: connection_class.php
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
}
和登录class:
class-2: login_class.php
class login{
private $conn;
function __construct($con){
if($con->connection==FALSE){
echo $con->warn;
exit();
}else{
$this->conn=$con->connection;
}
}
public function get_user($sql){
$this->db_select('database_name');
$result = $this->conn->query($logopt['sql']);
if($result->num_rows>=1){
return $result;
}else{
return FALSE;
}
}
}
现在从登录页面:
页数:login.php
include_once('connection_class.php');
$con = new connection();
include_once('login_class.php');
$login = new login($con);
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
$user=$login->getuser($sql);
if($user){
echo 'User found';
}else{
echo 'User not found';
}
此处如果我使用 real_escape_string($user_name) 或 mysqli_real_escape_string($user_name),login.php 会显示以下错误:
Fatal error: Call to undefined function real_escape_string() in
...........
在我的情况下如何使用 real_escape_string?
您忘记在函数的开头添加 msql_
正确的函数是 mysql_real_escape_string();
使用它而不是如上所述的 real_escape_string();
。
希望这能解决您的问题。
由于您将 mysqli 连接包装在另一个 class 中,您将需要在连接 class.
中公开调用 real_escape_string
的方法
例如:
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
public function real_escape_string($string) {
// todo: make sure your connection is active etc.
return $this->conn->real_escape_string($string);
}
}
然后,改变
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
到
$sql= "SELECT * FROM access WHERE username='".$con->real_escape_string($user_name)."' AND password='".$pass_word."'";
奖励评论:您的 login
class 实际上并未使用您对 运行 查询的连接。您需要解决这个问题(具体来说:$this->db_select('database_name');
)。
我有两个class如下:
class-1: connection_class.php
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
}
和登录class: class-2: login_class.php
class login{
private $conn;
function __construct($con){
if($con->connection==FALSE){
echo $con->warn;
exit();
}else{
$this->conn=$con->connection;
}
}
public function get_user($sql){
$this->db_select('database_name');
$result = $this->conn->query($logopt['sql']);
if($result->num_rows>=1){
return $result;
}else{
return FALSE;
}
}
}
现在从登录页面: 页数:login.php
include_once('connection_class.php');
$con = new connection();
include_once('login_class.php');
$login = new login($con);
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
$user=$login->getuser($sql);
if($user){
echo 'User found';
}else{
echo 'User not found';
}
此处如果我使用 real_escape_string($user_name) 或 mysqli_real_escape_string($user_name),login.php 会显示以下错误:
Fatal error: Call to undefined function real_escape_string() in ...........
在我的情况下如何使用 real_escape_string?
您忘记在函数的开头添加 msql_
正确的函数是 mysql_real_escape_string();
使用它而不是如上所述的 real_escape_string();
。
希望这能解决您的问题。
由于您将 mysqli 连接包装在另一个 class 中,您将需要在连接 class.
中公开调用real_escape_string
的方法
例如:
class connection{
public $connection;
function __construct(){
$this->db_connect();
}
private function db_connect(){
$this->conn = @ new mysqli('localhost', 'username', 'password');
if ($this->connection->connect_error) {
$this->connection = FALSE;
$this->warn = '<br />Failed to connect database! Please try again later';
}
}
public function real_escape_string($string) {
// todo: make sure your connection is active etc.
return $this->conn->real_escape_string($string);
}
}
然后,改变
$sql= "SELECT * FROM access WHERE username='".real_escape_string($user_name)."' AND password='".$pass_word."'";
到
$sql= "SELECT * FROM access WHERE username='".$con->real_escape_string($user_name)."' AND password='".$pass_word."'";
奖励评论:您的 login
class 实际上并未使用您对 运行 查询的连接。您需要解决这个问题(具体来说:$this->db_select('database_name');
)。