douzhe1264 2015-03-11 11:36
浏览 10

如何避免mysqli连接以及如何使用real_escape_string?

Here an excerpt from php class:

DB.class.php

class DB {    
    protected $db_name = '';
    protected $db_user = '';
    protected $db_pass = '';
    protected $db_host = '';
    protected $connection;

    public function connect() {
        $this->connection = mysqli_connect($this->db_host, $this->db_user, $this->db_pass);
        mysqli_select_db($this->connection, $this->db_name);

        return true;
    }

    public function processRowSet($rowSet, $singleRow = false) {
        $resultArray = array();
        while ($row = mysqli_fetch_assoc($rowSet)) {
            array_push($resultArray, $row);
        }

        if ($singleRow === true)
            return $resultArray[0];

        return $resultArray;
    }

    public function insert($data, $table) {
        $columns = "";
        $values = "";

        foreach ($data as $column => $value) {
            $columns .= ($columns == "") ? "" : ", ";
            $columns .= $column;
            $values .= ($values == "") ? "" : ", ";
            $values .= $value;
        }

        $sql = "insert into $table ($columns) values ($values)";

        mysqli_query($this->connection, $sql) or die(mysqli_error($this->connection));

        //return the ID of the user in the database.
        return mysqli_insert_id($this->connection);
    }
}

insert-entry.php

require_once 'db.php';

$headline = $_POST['headline'];
$description = $_POST['description'];

$data = array(
        'headline' => $headline,
        'description' => $description
    );

$db->insert($data, 'entries');´

I have three questions on the professional use of this class:

  • Avoding mysqli connection: The class was mysql before and I changed it to mysqli. Is there any way to avoid that I always need to pass the mysql connection as a parameter when I want to do mysqli operations, such as mysqli_query()?
  • Sanitizing user input: How can I build in $db->real_escape_string? I want it to be applied for all values that come from the user and go into my database. Is it something I can add in the insert function in DB.class.php or do I have to apply this in my outer php files, for example insert-entry.php in this example?
  • Catching an error: In an outer php file such as insert-entry.php in this example, how can I catch an error of a function such as the $db->insert() function? My goal is that if an error occurs the user is directed to an error page (via header:location). Important: I want to be able to create individual error handlings in different php files.
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
    • ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
    • ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
    • ¥15 如何在炒股软件中,爬到我想看的日k线
    • ¥15 seatunnel 怎么配置Elasticsearch
    • ¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
    • ¥15 (标签-MATLAB|关键词-多址)
    • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)
    • ¥500 52810做蓝牙接受端
    • ¥15 基于PLC的三轴机械手程序