doutao6380 2017-07-22 12:45
浏览 34
已采纳

如何在用户输入的PHP中使用getters和setter

I have created a registration form and now I want to insert data by using Getters and Setters. I have created intAll.php file which has HTML structure and PHP function, then I have created Encap.php file which has Database Connection, My SQL Queries and Getters/Setters. Now I want to pass my Input Data to Encap.php file and I want to catch them in Encap.php file and insert into My SQL DB, but my codes don't work.

So, How to Fix this?

intAll.php File

<?php  

 include 'Encap.php';  
 $InsertData = new Databases; 

 $success_message = '';  
 if(isset($_POST["submit"]))  
 {  

    $InsertData->setName($_POST['name']);
    $InsertData->setUsername($_POST['username']);
    $InsertData->setPassword($_POST['password']);

    //$name=$_POST['name'];
    //$username=$_POST['username'];
    //$password=$_POST['password'];

      if($InsertData->insertsingle())  
      {  
           $success_message = 'Post Inserted';  
      }       
 }  
 ?>  
 <!DOCTYPE html>  
 <html>  
      <head>  
           <title>Insert data into Table using OOPS in PHP</title>  
           <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />  
           <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>  
           <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>  
      </head>  
      <body>  
           <br /><br />  
           <div class="container" style="width:700px;">  
                <form method="post">  
                     <label>Name</label>  
                     <input type="text" name="name" class="form-control" />  
                     <br />  
                     <label>Username</label>  
                     <input type="text" name="username" class="form-control" />  
                     <br /> 
                     <label>Password</label>  
                     <input type="text" name="password" class="form-control" />  
                     <br />
                     <input type="submit" name="submit" class="btn btn-info" value="Submit" />  
                     <span class="text-success">  
                     <?php  
                     if(isset($success_message))  
                     {  
                          echo $success_message;  
                     }  
                     ?>  
                     </span>  
                </form>  
           </div>  
      </body>  
 </html>

Encap.php File

<?php   

 class Databases{  
      public $con;  

      private $id;
      private $name;
      private $username;
      private $password;

      function setId($id) { 
          $this->id = $id; 
          }

      function getId() {
          return $this->id; 
          }

      function setName($name) { 
          $this->name = $name; 
          }

      function getName() { 
          return $this->name; 
          }

      function setUsername($username) { 
          $this->username = $username; 
          }

      function getUsername() { 
          return $this->username; 
          }

      function setPassword($password) { 
          $this->password = $password; 
          }

      function getPassword() { 
          return $this->password; 
          }

      public function __construct()  
      {  
           $this->con = mysqli_connect("localhost", "root", "", "portal");  
           if(!$this->con)  
           {  
                echo 'Database Connection Error ' . mysqli_connect_error($this->con);  
           }  
      }

        public function insertsingle()  
      {  
           $string = "INSERT INTO academic (name,username,pw) VALUES ('getName()','getUserName()','getPassword()')";
           $rsint=mysqli_query($this->con, $string);  
           return $rsint;
      }

 }  
 ?>
  • 写回答

1条回答 默认 最新

  • dtnrsmi824877 2017-07-22 12:56
    关注

    You cannot call a function within in a string. You should interrupt your string to do that:

    public function insertsingle()  
{  
     $string = "INSERT INTO academic (name,username,pw) VALUES ('" . $this->getName() . "','" . $this->getUserName() . "','" . $this->getPassword() . "')";
     $rsint=mysqli_query($this->con, $string);  
     return $rsint;
}

    However, since you're not sanitizing your user input anywhere, this code is vulnerable to SQL injection attacks and you should be using a prepared statement instead (note: untested code, might need to be tweaked a little):

    public function insertsingle()  
{  
     $string = "INSERT INTO academic (name,username,pw) VALUES (?, ?, ?)";
     $stmt = mysqli_prepare($this->con, $string);
     $stmt->bind_param("sss", $this->getName(), $this->getUserName(), $this->getPassword());
     $rsint = $stmt->execute();
     return $rsint;
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!