doucanrui1735 2016-08-15 16:45

mysqli from within a class. It works, but am I doing it right?

I have used an external PHP class to provide MySQL-related functions for some time. All good. Just recently I have changed to mysqli, and the adjustments I have made seem to work, but nobody else (as far as I can see) does it the same way, making me wonder whether I am doing it wrong! Can anyone confirm? Thanks. By the way, I am attempting to avoid MySQL injection, hence the use of prepared queries. Am I achieving what I want?

Here is my database initialization function, which is a method in the class 'page'

function initialize()
{
    // Get the database connection info from the settings file
    $info = new settings();
    $memberserver   = $info->sqlserver;
    $memberuser     = $info->sqluser;
    $memberpass     = $info->sqlpass;
    $memberdatabase = $info->sqldatabase;

    // connect to database
    $this->link = new mysqli("localhost", $memberuser, $memberpass, $memberdatabase);
    mysqli_set_charset($this->link, "utf8");
    return $this->link;
}

Then the php page calls the method, and performs a mysqli query as follows

$q = $page->initialize();
$query = "INSERT INTO tablename (title, description, slug, date) VALUES (?, ?, ?, ?)";
$stmt = $q->prepare($query);
$stmt->bind_param('ssss', $title, $desc, $slug, $date);
$stmt->execute();
$stmt->close();
$page->disconnect();

As I say, it works. But have I made a schoolboy error? As always, thanks for any/all replies!
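
An added example, not code from the original post: the same class-wrapped mysqli pattern with errors raised as exceptions, followed by a round trip showing that a bound value containing quote and comment characters is stored as data. It assumes PHP 7.4+, a reachable MySQL server, and a hypothetical `articles` table with an AUTO_INCREMENT `id`; the class `Db`, its methods and the credentials are placeholders.

```php
<?php
// Added example. Db, addArticle, titleById, the articles table and the
// demo credentials are assumptions, not names from the original post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

final class Db
{
    private mysqli $link;

    public function __construct(string $host, string $user, string $pass, string $name)
    {
        $this->link = new mysqli($host, $user, $pass, $name);
        // Set the charset through the API so the client library knows the encoding.
        $this->link->set_charset('utf8mb4');
    }

    public function addArticle(string $title, string $desc, string $slug, string $date): int
    {
        // The SQL text is a constant; every user-supplied value is a bound parameter.
        $stmt = $this->link->prepare(
            'INSERT INTO articles (title, description, slug, date) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssss', $title, $desc, $slug, $date);
        $stmt->execute();
        $id = (int) $this->link->insert_id;
        $stmt->close();
        return $id;
    }

    public function titleById(int $id): ?string
    {
        $stmt = $this->link->prepare('SELECT title FROM articles WHERE id = ?');
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $stmt->bind_result($title);
        $found = $stmt->fetch(); // true when a row was read, null when none
        $stmt->close();
        return $found ? $title : null;
    }
}

// Constructed input: characters that would change the meaning of a concatenated query.
$db = new Db('localhost', 'demo_user', 'demo_pass', 'demo_db');
$tricky = "O'Brien\"; -- not SQL";
$id = $db->addArticle($tricky, 'desc', 'slug', date('Y-m-d'));
var_dump($db->titleById($id) === $tricky); // compares what was stored with what was sent
```

Placeholders bind values only; table and column names cannot be bound, so any identifier that varies at runtime has to come from a fixed allowlist in the code.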
