I have two php files, one manages database connection and the other retrieves data from the database. I am writing this from scratch as a learning experience, and granted it is 5am but for some reason I cannot access the variables I need to.
My database connection file is as follows:
<?
class mysqlManager {
var $dbhost = 'xxx.xxx.xxx.xxx';
var $dbuser = 'xxx';
var $dbpass = 'xxx';
var $dbname = 'xxx';
var $connection;
var $errorCode;
var $errorMsg;
public function __construct($host='',$user='',$pass='',$name='') {
if(!$host=='') $this->dbhost = $host;
if(!$user=='') $this->dbuser = $user;
if(!$pass=='') $this->dbpass = $pass;
if(!$name=='') $this->dbname = $name;
}
function openConnection($host,$user,$pass) {
if(!$this->connection = #mysql_connect($host,$user,$pass,true)) {
$this->errorCode = mysql_errno();
$this->errorMsg = mysql_error();
return false;
}
return true;
}
function closeConnection() {
if($this->connection){
#mysql_close($this->connection);
}
}
function selectDB($name) {
if(!$this->openConnection($this->dbhost,$this->dbuser,$this->dbpass)){
return false;
}else{
return #mysql_select_db($name);
}
}
}
?>
The next file for getting data is as follows:
<?
class ccp {
var $mgr;
public function __construct() {
$this->mgr = new mysqlManager();
}
public function test() {
print_r($this->mgr);
}
function getCCP() {
if($mgr->openConnection($mgr->dbhost,$mgr->dbuser,$mgr->dbpass)) {
if(!$mgr->selectDB($mgr->dbname)) {
$mgr->closeConnection();
return 'An error has occured while processing your request.';
}
$q = 'SELECT * FROM ccp WHERE cat="ccp" ORDER BY date DESC';
$r = #mysql_query($q);
$ret='';
while($row = #mysql_fetch_array($r)){
$ret = '<div class="post">';
$ret .= ' <h2 class="title">'.$row["title"].'</h2>';
$ret .= ' <p class="date">'.$row["date"].'</p>';
$ret .= ' <div class="entry">'.$row["body"].'</div>';
$ret .= '</div>';
}
$mgr->closeConnection();
return $ret;
}
}
}
?>
When I run the test function, I get this:
mysqlManager Object ( [dbhost] => xxx.xxx.xxx.xxx [dbuser] => xxx [dbpass] => xxx [dbname] => xxx [connection] => [errorCode] => [errorMsg] => )
How do I access the variables in the mysqlManager Object?
Thanks!
To access the members of an object, use ->, with nested objects, multiple times. So: In test():
echo $this->mgr->dbhost; // echoes xxx.xx.xxx.xxx
echo $this->mgr->dbpass; // echoes xxx
You can do this because the variables were declared using var, making them implicitly public. If you declare them with private or protected like so:
class mysqlManager
{
private $dbhost = 'xxx.xxx.xxx.xxx';
protected $dbuser = 'xxx';
...
you will not be able to access the variables from another object.
Does that answer your question?
Related
I have file users.php and i want to display user's information when is set for example users.php?id=5
my "users.php" file is:
<?php
$page_title = "Administrace - Uživatelé";
require_once($_SERVER['DOCUMENT_ROOT']."/core/main.php");
if(!Admin::is_admin() or !User::is_logged()) // check if user is logged and is admin
{
redirect($url."index.php"); //get out of here
}
$user = new User();
if(isset($_GET["id"]))
{
$id = test_input($_GET["id"]); // = htmlspecialchars() & trim() & stripslashes()
$is_valid = ctype_digit($id);
if($is_valid && $user->check_user_available($id)) // check if $id is number AND if user with the $id is in database
{
// show user's information
} else {
// get out of here
redirect($url."admin/");
}
} else {
?>
<i>...toto je random text...</i>
<section>
<div class="content">
<h1>Administrace -> Uživatelé</h1>
<p>
<?php
echo ($user->get_all_users()); // get all users (User)
?>
</p>
</div>
</section>
<aside>
<?php
$login = new Panel("login");
$partneri = new Panel("partners");
?>
</aside>
<?php } require_once($_SERVER['DOCUMENT_ROOT']."/template/footer.php");?>
my check_user_availabe() function:
<?php
public function check_user_available($id)
{
$id = trim($id);
$id = stripslashes($id);
$id = htmlspecialchars($id);
if(ctype_digit($id))
{
$query = Database::dotaz('SELECT * FROM `users` WHERE `id`=?', array($id));
if($query > 0)
{
return true;
} else {
return false;
}
}
}
?>
I'm also using PDO prepared statements.. Here is my class database and function dotaz() (dotaz = query)
<?php
class Database {
// Databázové spojení
private static $connection;
// Výchozí nastavení ovladače
private static $nastaveni = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
PDO::ATTR_EMULATE_PREPARES => false,
);
// Připojí se k databázi pomocí daných údajů
public static function connect($host, $username, $password, $dbname) {
if (!isset(self::$connection)) {
self::$connection = #new PDO(
"mysql:host=$host;dbname=$dbname",
$username,
$password,
self::$nastaveni
);
}
}
public static function dotaz($dotaz, $parametry = array()) {
$navrat = self::$connection->prepare($dotaz);
$navrat->execute($parametry);
return $navrat->rowCount();
}?>
Could you say me if the $_GET part is well-secured or help me to secure it better ? Thank you all
I have splitted my php into 2/3 pieces using (MySQLi Procedural) :
First is dedicated to db (open,execute,Total Row, Affected Row,Close..)
Second is dedicated to other functionalities .
Here is an example :
db.php (First)
<?php
class DB {
var $DBUser = 'myuser';
var $DBPass = 'mypassword';
var $DBServer = 'localhost';
var $DBName = 'myDB';
var $con;
function __construct() {
$testcon = mysqli_connect($this->DBServer, $this->DBUser, $this->DBPass,$this->DBName);
if (!$testcon) {
die('Database connection failed: ' . mysqli_connect_error());
} else {
$this->con = $testcon;
}
}
function Qry($sql) {
if($result = mysqli_query($this->con,$sql) ) {
return $result;
}
else
{
$err = "Error: ".$sql. " :: ". mysqli_error;
die("$err");
}
}
function TotRows($result) {
if($result === false)
{
die("Error ".mysqli_error);
}
else return mysqli_num_rows($result);
}
function AffRows($result) {
return mysqli_affected_rows($result);
}
function LastRow($tblName) {
return mysqli_insert_id($this->con);
}
function close() {
mysqli_close($this->con);
}
}
?>
and
functions.php (Second)
public function GetBoolResult($db,$sql) {
$result=$db->Qry($sql);
$no_of_rows = $db->TotRows($db->con);
if ($no_of_rows > 0) {
// user exist
return true;
} else {
// user does not exist
return false;
}
}
When I try to execute the script I got the following Warning error :
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, object given in db.php
if you look at this function to get number of rows , the parameter is tested inside the function, the sql statement has been tested directly in the mysql serverwithout any error.
Any idea what's the problem ?
Don't you wan't to pass in the result, not the connection
$result = $db->Qry($sql);
$no_of_rows = $db->TotRows($result);
Basically I created this script that check if a file exists and then creates it.
It worked great before when I had a non OOP version of it.
Now I modified it to become OOP and somehow it doesn't work and I get the error in Apache PHP Fatal error: Call to undefined function createFile() in C:\Program Files (x86)\Zend\Apache2\htdocs\Proj11\1.php on line 66
I highlighted where line 66 is with the line //// THE ERROR LINE BELOW
Whats wrong with it??? thx
<?php
//DB Config File
$phase = $_GET['phase'];
if(empty ($phase)){
$phase = new phase1();
$phase->start();
} elseif ($phase = 1) {
$phase = new phase2();
$phase->stepFunction();
};
class phase1 {
function __construct () {
$dbFile = 'dbconfig.php';
$step = 0;
$username = $_GET['username'];
$password = $_GET['password'];
$server = $_GET['server'];
$dbName = $_GET['dbName'];
$this->step = $step;
$this->dbFile = $dbFile;
$this->username = $username;
$this->password = $password;
$this->server = $server;
$this->dbName = $dbName;
$db = new PDO ('mysql:host=' .$server.';dbname='.$this->dbName,$this->username,$this->password);
$this->db = $db;
}
public function createFile () {
//Creates File and populates it.
$fOpen = fopen($this->dbFile, 'w');
$fString .= "<?php\n";
$fString .= "// Database Constants\n";
$fString .= "\$DB_SERVER =" . "\"" . $this->server . "\";\n";
$fString .= "\$DB_USER =" . "\"" . $this->username . "\";\n";
$fString .= "\$DB_PASS =" . "\"" . $this->password . "\";\n";
$fString .= "\$DB_NAME =". "\"" . $this->dbName . "\";\n";
$fString .= "?>";
fwrite($fOpen, $fString);
fclose($fOpen);
return true;
}
public function start (){
try {
if ($this->db) { //if succesful at connecting to the DB
if (file_exists($this->dbFile)){
if (is_readable($this->dbFile) && is_writable($this->dbFile)){
//Creates File, populates it and redirects the user
//////////////////////////
//// THE ERROR LINE BELOW
//////////////////////////
if (createFile()) {
$phase = new phase2();
$phase->stepFunction($this->step);
exit ();
}
} else {
echo "The file {$dbFile} cannot be accessed. Please configure the file manualy or grant Write and Read permission."; }
} else {
//Creates File, populates it and redirects the user
if (createFile()) {
$phase = new phase2();
$phase->stepFunction($this->step);
exit ();
}
}
}
} catch (PDOException $e) { //Catchs error if can't connect to the db.
echo 'Connection failed: ' . $e->getMessage();
}
}
} // en class Phase 1
createFile() is a method defined in the class, and must be called inside the class as $this->createFile():
if ($this->createFile()) {...}
I have not looked over your code thoroughly yet, but you may have omitted $this-> on other method calls as well.
I'll point out also that since there doesn't appear to be any circumstance in which createFile() returns anything other than TRUE, there's no real need for the if () {} block; the else case will never be reachable.
For some reason the return doesn't work when the check_em() succeeds. I'm new to php, so I'm at a loss here.
<?php
//Class to handle mysql
class db_handler {
private $db_host = 'localhost';
private $db_name = 'project';
private $db_user = 'project';
private $db_pass = 'dbpassword';
private $db_con_mysql = '';
private $db_con_db = '';
public function check_em($username, $password) {
$db_query = "SELECT password FROM user WHERE name='".$username."' LIMIT 1;";
if($this->db_con_mysql!='') {
$db_query_response = mysql_query($db_query) or die('Query failed: '.mysql_error());
$db_query_return = mysql_fetch_row($db_query_response);
$db_sha1_hash = $db_query_return[0];
echo $db_sha1_hash."<br>";
echo sha1($password)."<br>";
if(sha1($password)==$db_sha1_hash) {
return 'user valid'; //THIS DOESN'T WORK!?!?!?
} else {
return 'no good';
}
} else {
$this->db_connect();
$this->check_em($username, $password);
}
}
//Connect to mysql, then database
private function db_connect() {
$this->db_con_mysql = mysql_connect($this->db_host, $this->db_user, $this->db_pass) || die('Connection failed: '.mysql_error());
$this->db_con_db = mysql_select_db($this->db_name) || die('Could not use'.$this->db_name.'. '.mysql_error());
return;
}
//Disconnect from database and reset vars used to track connection.
private function db_disconnect() {
if($this->db_con_mysql!='') {
mysql_close();
$this->db_con_mysql = '';
$this->db_con_db = '';
return;
}
}
public function fake($some_val) {
if($some_val<6) {
return TRUE;
} else {
return FALSE;
}
}
}
$db_obj = new db_handler();
$val1 = $db_obj->check_em('someuser','password'); //should return 'user valid'
echo "val1:".$val1."<br>";
echo "<br><br>";
$val2 = $db_obj->check_em('someuser','passw0rd'); //should return 'no good'
echo "val2:".$val2."<br>";
echo "<br><br>";
echo "test<br>";
echo $db_obj->fake(4)."<br>";
?>
Results:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
val1:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53
val2:no good
test
1
This line needs a return:
return $this->check_em($username, $password);
But a more sensible solution would be to connect to the database inside the if when the connection is null. Really, the whole thing could be better written, but I'll leave it at that.
...
else {
$this->db_connect();
return $this->check_em($username, $password);
}
...
You want to add the return, so that if it fails, then it goes one level deeper and finds another. If that level deeper succeeds, it passes the value up to the level above, which can pass it up and up until it reaches the original function call.
Already tearing my hairs out for a couple of days. There is not much left of them ;-)
I am experiencing a strange problem when I want to bind a service to a button or something else:
files:
- CDPC.php
<?php
require_once ('VOcdpc.php');
class CDPC {
var $username = "root";
var $password = "";
var $server = "localhost";
var $port = "3306";
var $databasename = "xoffercommon";
var $tablename = "tblcity";
var $connection;
public function __construct() {
$this->connection = mysqli_connect(
$this->server,
$this->username,
$this->password,
$this->databasename,
$this->port
);
mysqli_set_charset($this->connection,'utf8');
$this->throwExceptionOnError($this->connection);
}
public function getCDPC($cityID) {
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("xoffercommon", $con);
$cdpc_Id = new Vocdpc();
$cdpc_Id->id_cdpc = 1;
$cdpc_Id->city_Id=$cityID;
$result_prov = mysql_query("SELECT tblProvence_Id FROM tblCity WHERE Id = " . $cityID);
$row = mysql_fetch_array($result_prov);
$cdpc_Id->provence_Id=intval($row['tblProvence_Id']);
$result_dist = mysql_query("SELECT tblDistrict_Id FROM tblProvence WHERE Id = " . $cdpc_Id->provence_Id);
$row = mysql_fetch_array($result_dist);
$cdpc_Id->district_Id=intval($row['tblDistrict_Id']);
$result_coun = mysql_query("SELECT tblCountry_Id FROM tblDistrict WHERE Id = " . $cdpc_Id->district_Id);
$row = mysql_fetch_array($result_coun);
$cdpc_Id->country_Id=intval($row['tblCountry_Id']);
return $cdpc_Id;
mysql_close($con);
}
private function throwExceptionOnError($link = null) {
if($link == null) {
$link = $this->connection;
}
if(mysqli_error($link)) {
$msg = mysqli_errno($link) . ": " . mysqli_error($link);
throw new Exception('MySQL Error - '. $msg);
}
}
}
?>
VOcpdc.php
<?php
class VOcdpc
{
public $id_cdpc;
public $country_Id;
public $district_Id;
public $provence_Id;
public $city_Id;
// explicit actionscript class
var $_explicitType = "Vocdpc";
}
?>
In flex builder
I can add the services to the Data Services panel but I have two strange things:
1) when I want to configure the return type he doesn't let me create a new ValueObject type, I only get the bottom datagrid which states: Properties returned by the operation: Property: country_Id, provence_Id, city_Id, id_cdpc, district_Id with the related values on the right side. Why can't I create a new data type on the top?
2) When I accept this and want to add the service call to a button (drag&drop) I get the following error: Error occurred while generating code. Make sure that there are no compiler eroors and try again after reopening the file. Componentn type services.cdpc.CDPC not found...
(ps: When I perform a Test Operation everything seems to be ok, I get the expected output values)
this is the class included in the main cdpc.php file, the post drops it apparently, so here is the VOcpdc file:
// explicit actionscript class
var $_explicitType = "Vocdpc";
}
?>