rockxl1 Posted December 10, 2009 Share Posted December 10, 2009 Hi ppl. I did update my class that convert your mysql tables in php classes. Is a code generation. If you have table users(id, name, password) the class will create users.class.php with geters and seters to put values in sql. Say what you think. [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
Mchl Posted December 10, 2009 Share Posted December 10, 2009 public function MySQL_to_PHP($host, $user, $passoword, $dbname){ In PHP5 constructor should be named __construct(), and there's no MySQLi in PHP4 so... if($this->connection->connect_error){ echo "Error connect!"; die; } Ugly. Throw exception instead. $loop = $this->connection->query("SHOW tables FROM ".$this->dbname.""); Possible SQL injection. SHOW TABLES will only show tables from current database only anyway. Each class created by your script creates it's own MySQLi connection. It would be better if you allowed for passing connection object through constructor parameter. It would make it possible to use one connection through entire application (not to mention modyfing its parameters like encoding etc.) I can see no protection against SQL injection in created class. What will happen if I do $users = new users(); $users->Delete_row_from_key('1 OR 1 = 1'); From Class DataBaseMysql public function RunQuery($query_tag){ $result = $this->conn->query($query_tag) or die("Erro SQL query-> $query_tag ". mysql_error()); return $result; } again, throw Exceptions instead of killing the script. Also, use mysqli_error since you use ext/mysqli... duh! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.