doushichi3678 2012-03-30 21:47

Using config variables inside a function

In the code given below, I am trying to modify it in such a way that the db connection variables are used from a config file. This should make the password more secure as I can restrict the config file's permissions.

Kindly let me know if there is a way by which I can modify the code to get the db variables from another file/config file?

class ActivitycodesCollection {
    var $list, $err, $sql;    
    // --- Private variables for database access
    var $_db_host = "######";
    var $_db_username = "######";
    var $_db_passwd = "######";
    var $_db_name = "######";
    function query ($where="") {
        mysql_pconnect ($this->_db_host, $this->_db_username, $this->_db_passwd);
        mysql_select_db ($this->_db_name);
        $where = "WHERE " . $where;
        $sql = "SELECT * FROM activitycodes $where";
        $result = mysql_query ($sql);
        $this->err = mysql_error();
        $this->sql = $sql;
        if (mysql_num_rows($result) > 0) {
            while (list($id) = mysql_fetch_array ($result)) {
                $this->list[$id] = new activitycodes($id);
            }
        }
    }
}

I tried including the config.ini file in this class/function but it threw an error like

unexpected T_VARIABLE, expecting T_FUNCTION

  • dongza3124 2012-03-30 22:12

    Your code is hopelessly outdated.
    1) Don't use var for properties, use private or protected.
    2) Don't use mysql_* functions, use PDO.
    3) Don't keep connection details inside the class. Just require a PDO connection in the constructor.
    4) Don't trust any data from outside your scope - don't allow untrusted text to be written straight into your SQL query (you do it with the $where variable).
    5) Read books. "PHP Objects, Patterns, and Practice" will help you now, and "Clean Code" a little bit later.

    Example:

    class ActivitycodesCollection
    {
        private $list;
        private $PDO;
        private $table_name;
    
        // $table_name is interpolated into the SQL below, so it must be a
        // fixed value from your own code, never user input.
        public function __construct(\PDO $PDO, $table_name)
        {
            $this->PDO        = $PDO;
            $this->table_name = $table_name;
        }
    
        public function fetchByParameter($parameter)
        {
            // The value is bound as a parameter instead of being concatenated.
            $query = $this->PDO->prepare("SELECT `id` FROM `{$this->table_name}` WHERE "
                    ." some_field = :parameter");
            if (!$query)
            {
                return false;
            }
            if (!($query->execute(array(':parameter'=> $parameter))))
            {
                return false;
            }
    
            $results = $query->fetchAll(\PDO::FETCH_ASSOC);
            // Check the fetched rows ($results), not the loop variable.
            if (!empty($results))
            {
                foreach ($results as $result)
                {
                    $id              = $result['id'];
                    $this->list[$id] = new ActivityCodes($id);
                }
            }
            return true;
        }
    }
    
    This answer was selected by the asker as the best answer.
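
An added example, not part of the original question or answer: one way to do what the question asks and the answer's point 3 recommends, reading the connection settings from a permission-restricted INI file outside the class body (a class body accepts only declarations, hence the T_FUNCTION parse error) and handing the resulting PDO to the constructor. It assumes PHP 7 or later; the key names (`host`, `name`, `username`, `passwd`), the helper names `loadDbConfig` and `connect`, and the sample values are hypothetical.

```php
<?php
// Added example. Key names, helper names and sample values are assumptions.
/** Read DB settings from an INI file; refuse one that is too widely readable. */
function loadDbConfig(string $path): array
{
    clearstatcache(true, $path);
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException('config file missing or unreadable');
    }
    // POSIX only: reject any group/other permission bit (expect 0600 or 0400).
    $mode = fileperms($path) & 0777;
    if (DIRECTORY_SEPARATOR === '/' && ($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('config mode %04o is too open', $mode));
    }
    // INI_SCANNER_RAW: values stay strings, no on/off/null coercion.
    // A parse failure yields [] here and fails the key check below.
    $cfg = parse_ini_file($path, false, INI_SCANNER_RAW) ?: [];
    foreach (['host', 'name', 'username', 'passwd'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("config key '$key' is missing or invalid");
        }
    }
    return $cfg;
}

/** Open the connection once, outside the class, and inject it via the constructor. */
function connect(array $cfg): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['name']);
    return new PDO($dsn, $cfg['username'], $cfg['passwd'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Constructed demo config; in production keep the file outside the web root.
$path = tempnam(sys_get_temp_dir(), 'dbcfg');
file_put_contents($path, "host = 127.0.0.1\nname = example_db\nusername = app\npasswd = constructed-example-only\n");
foreach ([0644, 0600] as $mode) {
    chmod($path, $mode);
    try {
        $cfg = loadDbConfig($path);
        echo sprintf("%04o accepted, keys: %s\n", $mode, implode(', ', array_keys($cfg)));
        // With a reachable server: new ActivitycodesCollection(connect($cfg), 'activitycodes');
    } catch (RuntimeException $e) {
        echo sprintf("%04o rejected: %s\n", $mode, $e->getMessage());
    }
}
unlink($path);
```

The demo only exercises the loader, so it runs without a database; `connect()` is called where the commented line shows once a server is available.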