php - Mysqli OOP method call
I'm new to implementing OOP using mysqli, and I have an object (class) named database. The real problem is how to call the select method in index.php, and how I can use it.
The database class.php is below:

    class database {
        private $host = null;
        private $user = null;
        private $pass = null;
        private $db = null;
        public $error = "error po sir!";
        public $con;

        public function connect($host, $user, $pass, $db) {
            $this->host = $host;
            $this->user = $user;
            $this->pass = $pass;
            $this->db = $db;
            $this->con = mysqli_connect($this->host, $this->user, $this->pass);
            if (mysqli_connect_errno()) {
                printf("connection failed %s\n!", mysqli_connect_error());
                exit();
            }
        }

        public function select($condition) {
            // $condition is placed into the SQL text as-is, unquoted and unescaped
            $query = "select os_user from users where os_user = {$condition}";
            $result = mysqli_query($this->con, $query);
            return $result;
        }
    }

This is how I implemented it:

    require 'templates/dbclass.php';

    $db = new database();
    $db->connect("localhost", "root", "", "os_db");
    $username = $_POST['username'];

    if ($result = $db->select($username)) {
        echo $username;
        if ($result->num_rows > 0) {
            while ($row = $result->fetch_object()) {
                echo $row->os_id;
            }
        }
    }

But it does not show results. When I var_dump($result), I get bool(false).
I've enabled error reporting; there are no errors displayed.
There are 3 issues with the select function:
- It is vulnerable to SQL injection
- It has no error checking
- It is useless
Here is how it has to be:

    public function query($sql, $bind) {
        $db = $this->con;
        // prepare() returns false on failure; report the error together with the SQL
        $stm = $db->prepare($sql) or trigger_error($db->error." [$sql]");
        // bind every value as a string ("s"), one type character per value
        $types = str_repeat("s", count($bind));
        $stm->bind_param($types, ...$bind);
        $stm->execute() or trigger_error($db->error." [$sql]");
        // get_result() cannot follow store_result(), so only get_result() is called
        return $stm->get_result();
    }

Used like this:

    $sql = "select os_user from users where os_user = ?";
    $res = $db->query($sql, array($_POST['username']));
    while ($row = $res->fetch_object()) {
        echo $row->os_id;
    }

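
The first two issues listed in the answer, as an added example that is not part of the original question or answer: it contrasts the interpolated query with a bound parameter and checked calls. It assumes PDO with an in-memory SQLite database in place of mysqli so that it runs without a MySQL server, with the error mode set to silent to mirror the return-false behaviour seen in the question; the table rows, the inputs and the helper names `select_interpolated` and `select_bound` are constructed for illustration.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for mysqli (assumption made
// so the script runs without a server); table rows and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
// Silent mode: a failed call returns false instead of raising, as in the question.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$pdo->exec("create table users (os_id integer primary key, os_user text)");
$pdo->exec("insert into users (os_user) values ('alice'), ('bob')");

// Hypothetical helper: same pattern as the question's select(), value pasted into SQL.
function select_interpolated(PDO $pdo, string $condition)
{
    return $pdo->query("select os_id from users where os_user = {$condition}");
}

// Hypothetical helper: bound parameter, with each step checked.
function select_bound(PDO $pdo, string $username): array
{
    $stm = $pdo->prepare("select os_id from users where os_user = ?");
    if ($stm === false) {
        throw new RuntimeException('prepare failed: ' . $pdo->errorInfo()[2]);
    }
    if (!$stm->execute([$username])) {
        throw new RuntimeException('execute failed: ' . $stm->errorInfo()[2]);
    }
    return $stm->fetchAll(PDO::FETCH_COLUMN);
}

// 1. An ordinary name is parsed as an identifier, so the query fails. Without a
//    check, the caller sees only false; the driver's message has to be asked for.
$res = select_interpolated($pdo, 'alice');
if ($res === false) {
    echo "interpolated 'alice' failed: ", $pdo->errorInfo()[2], "\n";
}

// 2. Input that is valid SQL becomes part of the condition and changes what matches.
$res = select_interpolated($pdo, 'os_user');
echo "interpolated 'os_user' rows: ", count($res->fetchAll()), "\n";

// 3. A bound value is only ever compared as data.
echo "bound 'alice' rows: ", count(select_bound($pdo, 'alice')), "\n";
echo "bound 'os_user' rows: ", count(select_bound($pdo, 'os_user')), "\n";
```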