dragonsun00000 2014-07-15 06:44
浏览 51
已采纳

如果在php类中建立连接并且在单独的函数文件中使用函数mysqli_real_escape_string,我如何使用mysql连接?

I am working on a project in which I am using mysqli extension. I have made mysql connection in a PHP class called Connect.class.php like this -

// connect to db
    public function connect()
    {
        $this->con = @mysqli_connect($this->db_host, $this->db_username, $this->db_password, $this->db_name) or die("Couldn't connect! " . mysqli_connect_error());
        return $this->con;
    }

And I have one another file called functions.php in which I am sanitizing the input data like this -

// filter user input data
function filter_data($input)
{
    $sanitized_data = mysqli_real_escape_string(connection, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
    return $sanitized_data;
}

Now the above code will not work since it has not correct connection parameter. I am not understanding how can I provide it proper connection that is made from my PHP class Connect.class.php. Since the property of an object can not be used in a function of a separate file i.e. i cant use $this->con.

If I use simple mysql in place of mysqli then there is no problem at all since mysql_real_escape_string() doesn't need connection as a necessary parameter. So what to do in this situation?

  • 写回答

1条回答 默认 最新

  • duanrang2627 2014-07-15 07:01
    关注

    You can do it by more than one way :

    1.1- Try putting the escape function inside the connect class, inside a function.

    //Make a function _escape($str) and put mysqli_real_escape_string($this->con,$str) in it
//Connect.class.php
public function _escape($str){
     return mysqli_real_escape_string($this->con, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
}

    1.2.1 (Sub method 1) Create an object of connect inside the function and run the escape method

    // filter user input data
function filter_data($input)
{
    $db = new Connect();
    $db->connect();
    return $db->_escape($input);
}

    1.2.2 (Sub method 2) Just run the escape method outside filter_data, don't use this function any more

    $db = new Connect();
$db->connect();
$filtered = $db->_escape($input);

    2.1 Use the same approach as in one but don't put the escape function inside connect just make an extended class(Example dbFilter) and put it in there

    3.1 Use the connection object return by connect function

    // altered filter user input data
function filter_data($input, $conn)
{
    $sanitized_data = mysqli_real_escape_string($conn, htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8"));
    return $sanitized_data;
}

//call it
$db = new Connect();
$conn = $db->connect();
filter_data($input, $conn);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程
  • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
  • ¥15 关于smbclient 库的使用