Jump to content

Recommended Posts

Hi all,

 

Currently I am using 

 



    $con=mysqli_connect("x","x","x","x");


 

On my login page to satisfy the the connection variable for mysqli_real_escape_string($con, $x)

 

This works OK. However I have been told it's very bad to put my connection information on my login page, and I must change it. 

 

So I have moved  $con=mysqli_connect("x","x","x","x"); into my class method, and then called for it like so :

 




$con=new dbclass();
$con->openDB();


 


 

However despite this, mysqli_real_escape is returning :

 



    Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 103
    
    Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 104
    
    Warning: mysqli_query() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 109
    
    Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\c\login.php on line 111
    Acess denied, wrong username or password?


This is the method I'm using to do this.

 



    function openDB() {
            
      include("/assets/configs/db_config.php");
$conn = mysqli_connect('x', 'x', 'x', 'xxt');
    
    // 1. Create a database connection
    if (!$conn)
    {
        $this->error_msg = "connection error could not connect to the database:! ";  
        return false;
    }
    $this->conn = $conn;
    return true;
    }


 

Can anyone make any suggestions on what I can do. Any code examples based on my code would also be very useful.

 

Thanks,

Keith Tyrell

 

Thank you...here we go.

class dbmember()
var conn;

function openDB() {
include("/assets/configs/db_config.php");
$conn = mysqli_connect('hidden', 'hidden', 'hidden', 'hidden');

//$conn = mysqli_connect($config["host"] , $config["username"], $config["password"],$config["dbname"]); not in use

// 1. Create a database connection
if (!$conn)
{
    $this->error_msg = "connection error could not connect to the database:! ";  
    return false;
}
$this->conn = $conn;
return true;
}

db_config.php

<?php //Save it as db_config.php

$host = 'hidden';
$username = 'hidden';
$password = 'hidden';
$dbname = 'hidden';
$mysqli = new mysqli($host , $username  , $password ,$dbname);

$conn= mysqli_connect($host, $username, $password, $dbname);
     return array("host"=>"hidden", "dbname"=>"hidden", "username"=>"hidden", "hidden"=>"");
     define("HOST", "hidden");
     define("USER", "hidden");
     define("PASSWORD", "hidden");
     define("DATABASE", "hidden");
//loads of funky stuff going on here, I know...Tried a lot of things to get the login connection mysqli connection

mysqli_report(MYSQLI_REPORT_ERROR);


?>

Thanks a lot. Keith

It would be more helpful if you posted the code relevant to the errors you are receiving.

 

Certainly, thanks for asking.

$con=new dbmember();
$con->openDB();
        
        //$con =mysqli_connect("hidden","hidden","hidden","hidden"); this was my old way of setting up $con for use further down the code.

if(isset($_POST['submit'])){

$user=$_POST['user']; 
$password=$_POST['password'];
    
//To ensure that none of the fields are blank when submitting the form if
if(isset($_POST['user']) && isset($_POST['password'])) 
	{    
   
        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = mysqli_real_escape_string($con, $user); // ERROR 1
        $password = mysqli_real_escape_string($con, $password); //ERROR 2.

hmm, yeah I'm not sure your doing this right at all.  I havn't used mysqli - I skipped from mysql to PDO - so I'll probably get some of the mysqli stuff wrong, but the class you have made could be completly rebuilt.  Something more like the following I think would work:

<?php
class dbhandle{

public $res;
private $host = "<hostname>";
private $user = "<username>";
private $pass = "<password>";
public $db;

public function __construct($database){
  $this->db = $database;
  establishConn();
}

private function establishConn(){
  //you'll want some error capture in here at some point
  $con = mysqli_connect($this->host, $this->user, $this->pass, $this->db);
  $this->res = $con;
}
}

//you would then use it in the following manner:

$conn = new dbhandle('myDatabaseName');
mysqli_real_escape_string($conn->res, "some string or other");
?>

(edit: started writing this before the OP made your last post above) $con is an instance of your database class. it's not an instance of the mysql class. you would add an 'escape' method to your class (that uses mysqli_real_escape_string in it) and call that method.

 

a method in your database class -

public function escape($string){

    return $this->msyqli->mysqli_real_escape_string($string);
}

how you would use it in your main code -

$user = $con->escape($user); 

you would also need to correctly store the instance of the mysqli class as a class property in your database class so that you can access it inside the class methods using $this->mysqli

Edited by mac_gyver

OK thanks. If I understand correctly, would I be able to move (and would it be better practise to) mysqli_real_escape() to objects within a function. Here's one I'm designing right now.

 

function logcon($user, $password )
{
    
   $esc_user = mysqli_real_escape_string($this->conn, $name);
   $esc_password = mysqli_real_escape_string($this->conn,$address);  
$sql = "select * all from users where username  ='{$user}' AND password='{$password}";
//(rest to be written)
}

And at the same time, on the page I could remove this altogether?

 $user = mysqli_real_escape_string($con, $user);

And a bit like your example, use this to make a instance?

$user = $con->escape($user);

 

Any further guidance on finishing this script? Thanks

Edited by Apeshape
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.