
Posts posted by Pr0t0n

  1. Aaah like that, got it working like a charm now.

    But mac_gyver, if I may ask, which way of configuration files do you use or would use in your PHP app?

    Still trying to figure out the best way or at least a good way to work with configuration files.

  2. the error message and a few lines of code leading up to the line with the error would help.

     

    the reason .ini (and .xml) files don't get used for configuration settings in applications that are meant for others to use is, without specific security in place that prevents access to those files, anyone discovering them (or learning of their existence because they are used in an open-source/published script) can simply request them through the browser and see all the settings they contain.

    the content of .php files, on the other hand, is automatically secure as the php code in them cannot be seen when or if they are browsed to. it would take breaking php on the server to be able to request a .php file and see the contents in it.

    True, but it doesn't take a lot of lines of code to ensure the proper file permissions, which I was aware of, but if that's a reason to not use it I don't see why not use it hehe.

    For the lines of code preceding the error:

    class DB {
        
        private $_parse;
        private static $_instance = null;
        
        private $_config = _BASE_DIR . "config_odin.ini";
        private $_parse  = parse_ini_file($_config, true);
        private $_pdo; // Instance for re-use
        private $_query; // Last executed query;
        private $_error = false; 
        private $_results; // Output;
        private $_count= 0;
        
        private function __construct() {
            try {
                $this->_pdo = new PDO('mysql:host='.Config::get('mysql/host').';dbname='.Config::get('mysql/db'), Config::get('mysql/user'), Config::get('mysql/passw'));
                echo 'Verbonden met: '.$_parse['host'];
            } catch (PDOException $e) {
                die($e->getMessage());
            }
        }
        
        public static function getInstance() {
            if(!isset(self::$_instance)) {
                self::$_instance = new DB();
            }
            return self::$_instance;
        }
        
        public function insert($table,$values = array()) {
            
            $_query  = 'INSERT INTO `'.$table.'` (`';
            foreach($values as $key => $value) { 
                return $_query .= $key.', ';
            }
            
            $_query .= ') VALUES(';
            
            foreach($values as $key => $value) { 
                return $_query .= $value.', ';
            }
            $_query .= '`)';
            
        }
        
    }
    

    Well, as the code is not yet complete, here is everything I got at this moment. At the top you will see the two lines I mentioned.

    Please forget the Config::get(); it's a way of using a php file as config file, which I want to remove as it's not my own code.
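
The exposure concern raised in the post above can also be handled by keeping the .ini file out of the web-served tree. This is an added example, not code from the thread; the temporary directory layout is an assumption, and the file name and `mysql` keys are borrowed from the post.

```php
<?php
// Added example, not code from the thread. Directory layout is an assumption.

// Load an INI file only if it lives outside the document root, so a direct
// browser request can never return it. Call this at runtime (for instance
// from a constructor): property defaults must be constant expressions, so
// parse_ini_file() cannot appear in a property declaration.
function loadIniConfig(string $file, string $docRoot, array $required): array
{
    $real = realpath($file);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Compare on a directory boundary so /var/www does not match /var/www-private.
    if (strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
    $cfg = parse_ini_file($real, true);
    if ($cfg === false) {
        throw new RuntimeException('config file could not be parsed');
    }
    foreach ($required as $section => $keys) {
        foreach ($keys as $key) {
            if (!isset($cfg[$section][$key])) {
                throw new RuntimeException("missing setting [$section] $key");
            }
        }
    }
    return $cfg;
}

// Constructed demo: one copy outside the served directory, one inside it.
$base = sys_get_temp_dir() . '/cfgdemo_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0700, true);
mkdir("$base/private", 0700, true);
$ini = "[mysql]\nhost = localhost\ndb = odin\nuser = app\npassw = \"constructed-secret\"\n";
file_put_contents("$base/private/config_odin.ini", $ini);
file_put_contents("$base/public/config_odin.ini", $ini);

$need = ['mysql' => ['host', 'db', 'user', 'passw']];
$cfg  = loadIniConfig("$base/private/config_odin.ini", "$base/public", $need);
echo 'loaded host: ', $cfg['mysql']['host'], "\n";
try {
    loadIniConfig("$base/public/config_odin.ini", "$base/public", $need);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```
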

  3. Hi, I got a small issue so I won't have to post all code, but as soon as I use the 2 lines below INSIDE a class I get a fatal syntax error.

     

    $_config = _BASE_DIR . "config_odin.ini";
    $_parse  = parse_ini_file($_config, true);
     
    He seems to say that between _BASE_DIR and "config_odin.ini"; the problem lies, so must be that "."(dot).

    Also, since php has their own function to implement config files with ease, I don't see a lot of people using it, even some serious guys just use a php file with their own function to roll out the values.

    I would like to know anyone's opinion about configuration files, which do you choose and why?

  4. Aha... well I think I understand what you mean. However I haven't been able to find a good guide on the subject outside php.net. I want to completely understand those prepared statements before I adapt the code.

    Maybe someone has a guide that covers a lot?

  5. Ok I read enough to say I was wrong, but how long does this function exist lol, I only remember the time where u had to code something like that.

    But still this is only useful when u got the queries, and my class handles that and only at the end I could implement it for further use.

    Only this I don't completely get, it's from php.net

     

    "If an application exclusively uses prepared statements, the developer can be sure that no SQL injection will occur (however, if other portions of the query are being built up with unescaped input, SQL injection is still possible)."

     

    The bold part is what I don't understand, maybe someone can give me an example?
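
The caveat in the php.net sentence quoted in the post above, as an added example that is not part of the thread: placeholders bind values only, so a table or column name concatenated into the statement is still unescaped input. The `users` schema and the allowlist are constructed, and SQLite stands in for MySQL so the block runs offline.

```php
<?php
// Added example. The users table and its columns are a constructed schema.
const WRITABLE = ['users' => ['name', 'email']]; // identifiers callers may use

// Unsafe: the values are bound, but $table and the array keys are pasted
// into the SQL text, so the statement is still built from unescaped input.
function insertUnsafe(PDO $pdo, string $table, array $values): void
{
    $cols  = implode(', ', array_keys($values));
    $marks = implode(', ', array_fill(0, count($values), '?'));
    $pdo->prepare("INSERT INTO $table ($cols) VALUES ($marks)")
        ->execute(array_values($values));
}

// Hardened: placeholders cannot stand in for identifiers, so table and
// column names must match the allowlist before they reach the SQL text.
function insertSafe(PDO $pdo, string $table, array $values): int
{
    if (!array_key_exists($table, WRITABLE)) {
        throw new InvalidArgumentException('table not allowed');
    }
    if ($values === [] || array_diff(array_keys($values), WRITABLE[$table]) !== []) {
        throw new InvalidArgumentException('column not allowed');
    }
    $cols  = '`' . implode('`, `', array_keys($values)) . '`';
    $marks = implode(', ', array_fill(0, count($values), '?'));
    $stmt  = $pdo->prepare("INSERT INTO `$table` ($cols) VALUES ($marks)");
    $stmt->execute(array_values($values));
    return $stmt->rowCount();
}

// Demo on an in-memory SQLite database so it runs offline (the thread uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');

echo 'rows inserted: ', insertSafe($pdo, 'users', ['name' => 'alice', 'email' => 'alice@example.test']), "\n";
try {
    insertSafe($pdo, 'users', ['name' => 'bob', 'is_admin' => 1]); // key not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
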

  6. Ok ok I get that, I do not completely agree that it's not possible or taking massive amounts of time, also I never coded for production appz, trying to go in that direction right now but that's for another topic.

    Both of you thanks for the replies, mogosselin I am gonna look into prepared statements.

    Also:

    http://www.tero.co.uk/scripts/superdatabase.php

    Not that I am gonna use it.

    And about 10 years ago when I started with perl I learned to code everything myself. So I rather stop coding at all than using and editing others' code.

    BUT... purely for security risks I understand that certain parts might need other code.

    I can write on and on about this, I understand both comments, I am gonna look it up and if it's better than the idea I got about the class I will implement it.

  7. Hi guys,

     

    I am trying to build a mysql function that handles building up queries for the dbase, it all works so far. I started at a function inside that class that handles cleaning up the arrays so it can be sent to the dbase without having to worry about injections. I wanted to write it myself but I thought if you guys have lines to add, please leave it in a comment and I will update the code, I will also make it open source.

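    function QueryCleaner($link, $query12) {
        // $link is the open mysqli connection; mysqli_real_escape_string() requires it
        $query12 = trim($query12); // trim() returns the result, it does not modify in place

        if (preg_match('/\bUNION\b|\bJOIN\b|1=1/i', $query12)) return null; // Checking for SQL injections, so deny them
        if (substr_count($query12, "'") % 2 == 1) return null; // something with an uneven number of quotes, could be SQL injection

        // get_magic_quotes_gpc() was removed in PHP 8, so only call it where it still exists
        $query12 = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) ? stripslashes($query12) : $query12;
        return mysqli_real_escape_string($link, $query12);
    }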
    

    If you got ideas for this let me know!

  8. Yeah I know, last week I had all these questions but I wasn't able to put it all down in one story. As for version control I am gonna check articles, I wanna know everything about it.

    Well let me explain how I got into Smarty, I was coding in Perl like 6 years ago, then I noticed my interest in web development, so I went into PHP and from the start a friend of mine explained to me it was possible to keep my code and templates separate from each other, which is very useful when I do the coding and a collegaeu(or however you write it) does the designs.

    And to be honest lately I want to code every piece myself so no wp and phpbb, and I think I am more afraid to use those frameworks to make my web applications, and then at the end I only manipulated the code from a third party to have it work and look to the expectations of the project.

    So to hear you say that smarty is just a templating framework/component is actually the most useful thing to use in my case or check if phalcon or another company offers a faster template component.

    I am gonna mark this as "solved" but if you don't mind I would like to hear more input from you to get me back on track, so far you give very interesting answers.

     

     

    Greetings,

  9. Hey sorry for my late response,

     

    I said svn but I meant git, the only thing I don't see is how it could be useful when developing projects, I know it's used for open source projects which u can manage with multiple devs but is it only useful in alpha stage when the project is ready for release?

    Yeah local webserver has always been useful, well good to know things didn't change a lot :P.

  10. Hello,

     

    I haven't been coding a lot for a few years and now I am "upgrading" my tools, and looking for a good svn or other site to have a lab where I can add projects and have a webserver for it for testing, I know svn falls off in that case but for updates it's useful for me.

     

    I am open to any site, would be cool if it supported zend.

  11. Hey guys,

     

    I am having problems when I started a class for mysql queries, and I am trying to connect in the __construct() but it doesn't matter how many different servers I try it won't freaking connect PLEASE HELP lol.

     

    Code is below:

    function __construct() {
           
        $db 	= new mysqli($db_login_cred);
    //    $db_conn	= mysqli_connect() or die(mysqli_error($db));
     
     if (mysqli_connect_error()) {
        die('Connect Error (' . mysqli_connect_errno() . ') '
                . mysqli_connect_error());
    }
    
    echo 'Success... ' . $db->host_info . "\n";
        
    /*
        if(isset($db_conn)) {
    	echo "Verbinding met de MySQL backend tot stand gebracht.";
        } else {
    	echo "Kan de MySQL-backend niet bereiken.<br /><br />
    	      Foutmelding:<br />"
    	     .$error = $db_conn->mysqli_connect_error()
    	     .$error;
        }
    */
    

    There's some of my own code which is commented out in a try to use standard code from php.net to see if I made a typo or whatever.

     

     

    I will keep this page open so if u need additional info I can supply it fast hopefully.

     

    if u also want to see the output: http://odins.co.nf/

  12. Ok let's try it again then, this below doesn't work now while it did before:

    $db 		= new db;
    
    $db->mysql_connect($sql) or die('Kon geen verbinding krijgen met de dbase.');
    

    Then this is the config file which holds $sql:

    <?php
    
    $sql['host'] = 'nextgen.co.nf';
    $sql['user'] = 'user';
    $sql['pass'] = 'password';
    $sql['dbase'] = '1458015_error';
    
    
    ?>
    

    Hope this is better.

     

     

    PS: I only changed username and password the variables they hold are correct.

  13. Hi guys,

     

    I am having a problem with my old scripts I am trying to run, I have $newdb = new db; and it isn't enough.

    Then this code comes up with "false":

    $db->mysql_connect($sql) or die('Kon geen verbinding krijgen met de dbase.');
    

    I got one other problem, I am trying to write an extended error reporter and I want a page with tabs and then one tab for each dbase I want to read the errors from.

    Does anyone have any tips on how to accomplish this?

     

    Thanks in advance!
