Apeshape Posted July 31, 2013 Share Posted July 31, 2013 Hi all, Currently I am using $con=mysqli_connect("x","x","x","x"); On my login page to satisfy the the connection variable for mysqli_real_escape_string($con, $x) This works OK. However I have been told it's very bad to put my connection information on my login page, and I must change it. So I have moved $con=mysqli_connect("x","x","x","x"); into my class method, and then called for it like so : $con=new dbclass(); $con->openDB(); However despite this, mysqli_real_escape is returning : Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 103 Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 104 Warning: mysqli_query() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 109 Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\c\login.php on line 111 Acess denied, wrong username or password? This is the method I'm using to do this. function openDB() { include("/assets/configs/db_config.php"); $conn = mysqli_connect('x', 'x', 'x', 'xxt'); // 1. Create a database connection if (!$conn) { $this->error_msg = "connection error could not connect to the database:! "; return false; } $this->conn = $conn; return true; } Can anyone make any suggestions on what I can do. Any code examples based on my code would also be very useful. Thanks, Keith Tyrell Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted July 31, 2013 Share Posted July 31, 2013 if your programming OOP, why are you not just using the PDO abstraction? Quote Link to comment Share on other sites More sharing options...
Apeshape Posted July 31, 2013 Author Share Posted July 31, 2013 Been required to stick to sqli for this. Can you think of any way I can initiate the variables needed to satisify mysqli_real_escape_string without defining the connection on-page? Thank you. Keith Tyrell Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted July 31, 2013 Share Posted July 31, 2013 post your full class and I'll have a look Quote Link to comment Share on other sites More sharing options...
Apeshape Posted July 31, 2013 Author Share Posted July 31, 2013 Thank you...here we go. class dbmember() var conn; function openDB() { include("/assets/configs/db_config.php"); $conn = mysqli_connect('hidden', 'hidden', 'hidden', 'hidden'); //$conn = mysqli_connect($config["host"] , $config["username"], $config["password"],$config["dbname"]); not in use // 1. Create a database connection if (!$conn) { $this->error_msg = "connection error could not connect to the database:! "; return false; } $this->conn = $conn; return true; } db_config.php <?php //Save it as db_config.php $host = 'hidden'; $username = 'hidden'; $password = 'hidden'; $dbname = 'hidden'; $mysqli = new mysqli($host , $username , $password ,$dbname); $conn= mysqli_connect($host, $username, $password, $dbname); return array("host"=>"hidden", "dbname"=>"hidden", "username"=>"hidden", "hidden"=>""); define("HOST", "hidden"); define("USER", "hidden"); define("PASSWORD", "hidden"); define("DATABASE", "hidden"); //loads of funky stuff going on here, I know...Tried a lot of things to get the login connection mysqli connection mysqli_report(MYSQLI_REPORT_ERROR); ?> Thanks a lot. Keith Quote Link to comment Share on other sites More sharing options...
trq Posted July 31, 2013 Share Posted July 31, 2013 It would be more helpful if you posted the code relevant to the errors you are receiving. Quote Link to comment Share on other sites More sharing options...
Apeshape Posted July 31, 2013 Author Share Posted July 31, 2013 It would be more helpful if you posted the code relevant to the errors you are receiving. Certainly, thanks for asking. $con=new dbmember(); $con->openDB(); //$con =mysqli_connect("hidden","hidden","hidden","hidden"); this was my old way of setting up $con for use further down the code. if(isset($_POST['submit'])){ $user=$_POST['user']; $password=$_POST['password']; //To ensure that none of the fields are blank when submitting the form if if(isset($_POST['user']) && isset($_POST['password'])) { $user = stripslashes($user); $password = stripslashes($password); $user = mysqli_real_escape_string($con, $user); // ERROR 1 $password = mysqli_real_escape_string($con, $password); //ERROR 2. Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted July 31, 2013 Share Posted July 31, 2013 hmm, yeah I'm not sure your doing this right at all. I havn't used mysqli - I skipped from mysql to PDO - so I'll probably get some of the mysqli stuff wrong, but the class you have made could be completly rebuilt. Something more like the following I think would work: <?php class dbhandle{ public $res; private $host = "<hostname>"; private $user = "<username>"; private $pass = "<password>"; public $db; public function __construct($database){ $this->db = $database; establishConn(); } private function establishConn(){ //you'll want some error capture in here at some point $con = mysqli_connect($this->host, $this->user, $this->pass, $this->db); $this->res = $con; } } //you would then use it in the following manner: $conn = new dbhandle('myDatabaseName'); mysqli_real_escape_string($conn->res, "some string or other"); ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted July 31, 2013 Share Posted July 31, 2013 (edited) (edit: started writing this before the OP made your last post above) $con is an instance of your database class. it's not an instance of the mysql class. you would add an 'escape' method to your class (that uses mysqli_real_escape_string in it) and call that method. a method in your database class - public function escape($string){ return $this->msyqli->mysqli_real_escape_string($string); } how you would use it in your main code - $user = $con->escape($user); you would also need to correctly store the instance of the mysqli class as a class property in your database class so that you can access it inside the class methods using $this->mysqli Edited July 31, 2013 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Apeshape Posted July 31, 2013 Author Share Posted July 31, 2013 (edited) OK thanks. If I understand correctly, would I be able to move (and would it be better practise to) mysqli_real_escape() to objects within a function. Here's one I'm designing right now. function logcon($user, $password ) { $esc_user = mysqli_real_escape_string($this->conn, $name); $esc_password = mysqli_real_escape_string($this->conn,$address); $sql = "select * all from users where username ='{$user}' AND password='{$password}"; //(rest to be written) } And at the same time, on the page I could remove this altogether? $user = mysqli_real_escape_string($con, $user); And a bit like your example, use this to make a instance? $user = $con->escape($user); Any further guidance on finishing this script? Thanks Edited July 31, 2013 by Apeshape Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.