|
PHP - Mysqli - Can Someone Cast An Eye Over These Statements?
Hi all,
I've just started upgrading from procedural style mysql statements to object orientated style mysqli prepared statements. I was just hoping someone could look over my registration page statement code and tell me if there are any bits that are unecessary or a security issue (All of the code does already work - just want it checking) The reason I would like them checked over is because I've never touched OOP or mysqli in my life as I haven't been doing php all that long. I've had my own mysql statements running great for a couple of years but I want to keep with the times! If they are ok, then I'll go on to convert the remainder of the site First of all I include the mysqli database connection script before each mysqli statements (as php auto drops the connection once the script has finished - a little annoying as it increases the code. But I can see the resources advantages. ): ../db/dbauth.php (outsite www root): Code: [Select] $mysqli = new mysqli($hostname_lh, $username_lh, $password_lh, $database_lh); if (mysqli_connect_errno()) { $mess = "There was a mysqli connection error! Mysqli Error: " . mysqli_connect_error(); $contact_email = "webmaster@website.com"; $message_sub = "Mysqli Connection Error"; $hdrs = "From: " . $contact_email . "\r\n"; $hdrs .= "Reply-To: ". $contact_email . "\r\n"; $hdrs .= "MIME-Version: 1.0\r\n"; $hdrs .= "Content-Type: text/html; charset=UTF-8\r\n"; mail($contact_email, $message_sub, $mess, $hdrs); exit(); } The above will send an email if there are any connection problems. This file has to be called before each mysqli statement... is there an easier way of doing this? I don't want to have it in my file as it contains the password/database details. Do I have to include the file each time I use mysqli in a file as I have been doing? Some files contain upto 4-5 mysqli statements, so i'm effectively including the dbauth.php file 4-5 times. Anyways to the statements: First prepared statement is for populating a countries drop down box: Code: [Select] // connect to db for mysqli require_once('../db/dbauth.php'); // populates countries drop down $countrystmt = $mysqli->stmt_init(); if ($countrystmt = $mysqli->prepare("SELECT country FROM countries")){ $countrystmt->execute(); $countrystmt->bind_result($option); while ($countrystmt->fetch()) { // records stored in $option echo "<option value='" . $option . "'"; if ($user_country == $option) { echo " selected"; } echo ">" . $option . "</option>"; } $countrystmt->close(); } $mysqli->close(); This one checks the db to see if the user already exists: Code: [Select] // connect to db for mysqli require_once('../db/dbauth.php'); // checks if the username is in use $result = $mysqli->stmt_init(); if ($result->prepare("SELECT their_username FROM users WHERE their_username=?")){ $result->bind_param("s", $their_username); $result->execute(); $result->store_result(); $row_count = $result->num_rows; $result->close(); } // if query errors sends an email $mysqli->close(); // if the name exists it gives an error if ($row_count != NULL) { //..... .... .... next one inserts a new user into the db (after some santitising of inputs): Code: [Select] // connect to db for mysqli require_once('../db/dbauth.php'); // inserts a new user $null = NULL; $insert_stmt = $mysqli->stmt_init(); if ($insert_stmt->prepare("INSERT INTO members VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { $insert_stmt->bind_param('issssssssssssiiiiisiis', $null, $user_name, $user_companyname, $user_email, $user_1stline, $user_address2, $user_town, $user_county, $user_postcode, $user_country, $user_tel, $their_username, $null, $zero, $zero, $zero, $zero, $zero, $user_serial, $zero, $zero, $zero); $insert_stmt->execute(); $insert_stmt->close(); } // if query errors sends an email if ($mysqli->error) { try { throw new Exception("MySQL error $mysqli->error <br> Query:<br> $query", $mysqli->errno); } catch(Exception $e ) { $mess = "Error No: ".$e->getCode(). " - ". $e->getMessage() . "<br >"; $mess .= nl2br($e->getTraceAsString()); $contact_email = "webmaster@website.com"; $message_sub = "Mysqli Registration Query Error [UAU01]"; $hdrs = "From: " . $contact_email . "\r\n"; $hdrs .= "Reply-To: ". $contact_email . "\r\n"; $hdrs .= "MIME-Version: 1.0\r\n"; $hdrs .= "Content-Type: text/html; charset=UTF-8\r\n"; mail($contact_email, $message_sub, $mess, $hdrs); } header("refresh: 10; registration.php"); die('ERROR: Unable to add you as a new user. Please report this error to us using our contact us form.<br><br>We will redirect you back to the registration form in 10 seconds.<br><br><div style="margin: auto; text-align: center;"><img src="http://static.website.com/images/loading.gif" alt="loading"></div>'); exit(); } $mysqli->close(); If the script above errors then it will send an error email to the webmaster (me) and also give a friendly error to the user before redirecting back to a registration page. I've got a similar error and refresh method for the other statements further up, but didn't think I should overload everyone with loads of similar code! Anyways, muchos help always appreciated!!! Similar TutorialsI have just got hold of a MySQLi class (a wrapper to the built in one of course), and for EVERY query sent they have used prepared statements. Is this right? I expected it to just send using the mysqli_query function (with the prepared statements option if selected). Should you send ALL queries using a prepared statement? What (if any) are the downfalls of using prepared statements? I'm trying to work with prepared statements, but unfortunately I do not get any result back. I also tried while($stmt->fetch()) { ... }, with the same effect.
Does anyone have a suggestion?
Thanks in advance.
<?php
MAKING CONNECTION
if ($stmt = $mysqli->prepare("SELECT year FROM SOMETABLE WHERE id = ? LIMIT 1")) {
$id = $_GET['id'];
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($year);
$stmt->fetch();
echo $year;
$stmt->close();
}
$mysqli->close();
?>
Hi ! I am trying to translate my mysqli count query that works perfectly into prepared statements. Unfortunately, after playing around and using my knowledge of PS, I have come up with this script which fails to execute and returns a http 500 error. I may have missed something very silly, I require some guidance on fixing the error.
<?php
$conn = mysqli_connect("xxxx", "xxxx", "xxxx", "xxx");
$sel_query = "SELECT
S1, B1
COUNT(IF(S1 = ?, 1, NULL)) 'Accepted',
COUNT(IF(S1 = ?, 1, NULL)) 'Rejected',
COUNT(IF(S1 = ?, 1, NULL)) 'Under_Review' FROM Enrol";
$stmt = $conn->prepare($sel_query);
$Accepted="Accepted";
$Rejected="Rejected";
$Under_Review="Under Review";
$stmt->bind_param("sss",$Accepted, $Rejected, $Under_Review);
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
if($result->num_rows === 0) exit('No records found!');
while($row = $result->fetch_assoc()) { ?>
<tr>
<td><?php echo $row["Accepted"]; ?></td>
<td><?php echo $row["Rejected"]; ?></td>
<td><?php echo $row["Under_Review"]; ?></td>
</tr>
</table>
Edited June 24, 2020 by PythonHelp I have a prepared statement class for MYSQL, since in PHP 5 this is now changing to mysqli; I'm looking for some help in changing the code from my existing class to the new mysqli.
I have done some research online about changing from mysql to mysqli but the changes I made seems to only cause issues with connecting to the database.
After many hours of changing the existing file using the research online, I've decided to start again and ask others if they would be ever so kind to help this noob out and point out which parts of the script needs to be changed.
Thank you for reading.
<?php
class Database {
private $host;
private $user;
private $pass;
private $name;
private $link;
private $error;
private $errno;
private $query;
function __construct($host, $user, $pass, $name = "", $conn = 1) {
$this -> host = $host;
$this -> user = $user;
$this -> pass = $pass;
if (!empty($name)) $this -> name = $name;
if ($conn == 1) $this -> connect();
}
function __destruct() {
@mysql_close($this->link);
}
public function connect() {
if ($this -> link = mysql_connect($this -> host, $this -> user, $this -> pass, TRUE)) {
if (!empty($this -> name)) {
if (!mysql_select_db($this -> name, $this->link)) $this -> exception("Could not connect to the database!");
}
} else {
$this -> exception("Could not create database connection!");
}
}
public function close() {
@mysql_close($this->link);
}
public function query($sql) {
if ($this->query = @mysql_query($sql, $this->link)) {
return $this->query;
} else {
$this->exception("Could not query database!");
return false;
}
}
public function num_rows($qid) {
if (empty($qid)) {
$this->exception("Could not get number of rows because no query id was supplied!");
return false;
} else {
return mysql_num_rows($qid);
}
}
public function fetch_array($qid) {
if (empty($qid)) {
$this->exception("Could not fetch array because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_array($qid);
}
return $data;
}
public function fetch_array_assoc($qid) {
if (empty($qid)) {
$this->exception("Could not fetch array assoc because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_array($qid, MYSQL_ASSOC);
}
return $data;
}
public function fetch_object($qid) {
if (empty($qid)) {
$this->exception("Could not fetch object assoc because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_object($qid);
}
return $data;
}
public function fetch_all_array($sql, $assoc = true) {
$data = array();
if ($qid = $this->query($sql)) {
if ($assoc) {
while ($row = $this->fetch_array_assoc($qid)) {
$data[] = $row;
}
} else {
while ($row = $this->fetch_array($qid)) {
$data[] = $row;
}
}
} else {
return false;
}
return $data;
}
public function last_id() {
if ($id = mysql_insert_id()) {
return $id;
} else {
return false;
}
}
private function exception($message) {
if ($this->link) {
$this->error = mysql_error($this->link);
$this->errno = mysql_errno($this->link);
} else {
$this->error = mysql_error();
$this->errno = mysql_errno();
}
if (PHP_SAPI !== 'cli') {
?>
<div class="alert-bad">
<div>
Database Error
</div>
<div>
Message: <?php echo $message; ?>
</div>
<?php if (strlen($this->error) > 0): ?>
<div>
<?php echo $this->error; ?>
</div>
<?php endif; ?>
<div>
Script: <?php echo @$_SERVER['REQUEST_URI']; ?>
</div>
<?php if (strlen(@$_SERVER['HTTP_REFERER']) > 0): ?>
<div>
<?php echo @$_SERVER['HTTP_REFERER']; ?>
</div>
<?php endif; ?>
</div>
<?php
} else {
echo "MYSQL ERROR: " . ((isset($this->error) && !empty($this->error)) ? $this->error:'') . "\n";
};
}
}
?>
I've searched all over for the past few days trying to figure out what I'm doing wrong. Basically what I'm trying to do is create a prepared statement inside my User class. I can connect to the database, but my query does not execute as expected. Here's the code for my User class Code: [Select] <?php include '../includes/Constants.php'; ?> <?php /** * Description of User * * @author Eric Evas */ class User { var $id, $fname, $lname, $email, $username, $password, $conf_pass; protected static $db_conn; //declare variables public function __construct() { $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; $db = DB_NAME; //Connect to database $this->db_conn = new mysqli($host, $user, $pass, $db); //Check database connection if ($this->db_conn->connect_error) { echo 'Connection Fail: ' . mysqli_connect_error(); } else { echo 'Connected'; } } function regUser($fname, $lname, $email, $username, $password, $conf_pass) { if ($stmt = $this->db_conn->prepare("INSERT INTO USERS (user_fname,user_lname, user_email,username,user_pass) VALUES (?,?,?,?,?)")) { $stmt->bind_param('sssss', $this->fname, $this->lname, $this->email, $this->username, $this->password); $stmt->execute(); $stmt->store_result(); $stmt->close(); } } } ?> And here's the file that I created to instantiate an instance of the user class. Code: [Select] <?php include_once 'User.php'; ?> <?php //Creating new User Object $newUser = new User(); $newUser->fname = $_POST['fname']; $newUser->lname = $_POST['lname']; $newUser->email = $_POST['email']; $newUser->username = $_POST['username']; $newUser->password = $_POST['password']; $newUser->conf_pass = $_POST['conf_pass']; $newUser->regUser($newUser->fname, $newUser->lname, $newUser->email, $newUser->username, $newUser->password, $newUser->conf_pass); ?> And lastly heres the form that I want to get info from the user to insert into the database Code: [Select] <html> <head> <title></title> <link href="stylesheets/styles.css" rel="stylesheet" type="text/css"/> </head> <body> <form action = "Resources/testClass.php" method="post" enctype="multipart/form-data"> <label>First Name: </label> <input type="text" name="fname" id="fname" size="25" maxlength="25"/> <label>Last Name: </label> <input type="text" name="lname" id="lname" size="25" maxlength="25"/> <label>Email: </label> <input type="text" name="email" id="email" size="25" maxlength="40"/> <label>Username: </label> <input type="text" name="username" id="username" size="25" maxlength="32"/> <label>Password: </label> <input type="password" name="password" id="password" size="25" maxlength="32"/> <label>Re-enter Password: </label> <input type="password" name="conf_pass" id="conf_pass" size="25" maxlength="32"/> <br /><br /> <input type="submit" name="submit" id="submit" value="Register"/> <input type="reset" name="reset" id="reset" value="Reset"/> </form> </body> </html> Hi,
I have the following query
SELECT user_details.User_club_ID, user_details.fname, user_details.lname, user_details.email, user_details.club_No club.CLUBCODE, club.club_id FROM user_details, club WHERE club_id = $cid AND user_details.club_No = club.CLUBCODE AND user_status = 'active'";which I converted to a prepared statement as SELECT user_details.User_club_ID, user_details.fname, user_details.lname, user_details.email, user_details.club_No club.CLUBCODE, club.club_id FROM user_details, club WHERE club_id = ? AND user_details.club_No = club.CLUBCODE AND user_status = ?";Please note that user_status is a field in the table user_details. The original query (non -PDO) works correctly. I want to know if this is correct and that the comparison in the WHERE clause i.e. user_details.club_No = club.CLUBCODE is security safe. If not then how should this be modified. Also if there is a better way to write this statement, kindly show that as well. Thanks Thanks all ! Edited by ajoo, 11 December 2014 - 02:35 AM. Anyone know how to cast arabic numeric input to (int) ? Or how to convert arabic numerals to english numerals? I created an auction website, inputting english numbers seems to work. However when I switch languages to Arabic, it doesn't work. By casting any arabic numeral input to (int) It keeps returning 0. ١٢٣٤٥٦٧٨٩ 123456789 Just wondering if anyone knew of one? I have been looking for ages but can't find what I need. In java: Code: [Select] public class Test { public static void main(String[] args) { System.out.println((byte)0xff); } } Outputs: Code: [Select] -1 I've tried things like <?php $var = pack('H', 0xff); echo $var; ?> But that doesn't output anything hello , I'm starting to use mysqli and i have few questions. is there a guide for mysqli? and how do i use this functions at mysqli ? mysql_num_rows mysql_query mysql_fetch_assoc mysql_fetch_array thanks , Mor. I am using mysqli, OO, to connect to MySQL. I have only today started looking at this and am used to: Code: [Select] <?php $con = mysql_connect();//etc mysql_close($connection); ?> Am I right that with mysqli (OO) that I don't need to set a connection variable wither when connecting or closing?? Code: [Select] <?php mysqli::connect();//etc mysqli::close(); ?> What about with multiple databases, does mysqli keep track for me, as I am used to this: Code: [Select] <?php $con1 = mysql_connect();//db1 $con2 = mysql_connect();//db2 ?> //etc
The below code produces a dropdown and when a selection is made and submitted produces ---------------------------------------------------------------------------
<!DOCTYPE><html><head>
<title>lookup menu</title>
</head>
<body><center><b>
<form name="form" method="post" action="">
<?php
// error_reporting(0);
error_reporting(E_ALL ^ E_NOTICE);
include 'homedb-connect.php';
//This creates the drop down box
echo "<select name= 'target'>";
echo '<option value="">'.'--- Select account ---'.'</option>';
$query = mysqli_query($con,"SELECT target FROM lookuptbl");
$query_display = mysqli_query($con,"SELECT * FROM lookuptbl");
while($row=mysqli_fetch_array($query))
{echo "<option value='". $row['target']."'>".$row['target']
.'</option>';}
echo '</select>';
?>
<input type="submit" name="submit" value="Submit"/>
</form><center>
<?php
// error_reporting(0);
error_reporting(E_ALL ^ E_NOTICE);
include 'homedb-connect.php';
if(isset($_POST['target']))
{
$name = $_POST['target'];
$fetch="SELECT target, purpose, user, password, email, visits, date,
saved FROM lookuptbl WHERE target = '".$name."'";
$result = mysqli_query($con,$fetch);
if(!$result)
{echo "Error:".(mysqli_error($con));}
//display the table
echo '<table border="1"><tr><td bgcolor="#ccffff" align="center">lookup menu</td></tr>
<tr><td>
<table border="1">
<tr>
<td> Target </td>
<td> Purpose </td>
<td> User </td>
<td> Password </td>
<td> Email </td>
<td> Visits </td>
<td> Date </td>
<td> Saved </td>
</tr>';
while($data=mysqli_fetch_row($result))
{
$url= "http://localhost/home/crud-link.php?target=". $data[0];
$link= '<a href="'.$url.'">'. $data[0]. '</a>';
echo ("<tr><td> $link </td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td>
<td>$data[4]</td><td>$data[5]</td><td>$data[6]</td><td>$data[7]</td></tr>");
}
echo '</table>
</td></tr></table>';
}
?>
</body></html>
When running the following code i get the error: Call to undefined method mysqli::errno() the code: $conn = new mysqli(HOST, USER, PASSWORD, DATABASE); if ($conn->errno() !== 0) { $msg = $conn->error(); throw new connErrorException($msg, 'Connect'); } I am fairly new to classes but as i understand it this should be correct. I am using mysql 5.1 so mysqli is on by default. I have even checked the php ini and everything looks fine there in respect to this. Any advice? I dont know whether the statement is correct.....i just tried it.....and it didn't work. $stmt->bind_param('ssiiiss',$_POST['name'],$_POST['email'],$_POST['d'],$_POST['m'],$_POST['y'],$_POST['add'],$_POST['phone']); here my first two values are strings and next 2 tiny int's next is int and last 2 again strings. Hi, The following code is what I want in that it creates a menu and I can select and display a table row.
I still need to use that selection to update the "lastused". I really appreciate your help. <!DOCTYPE><html><head><title>email menu</title></head> <body><center> <form name="form" method="post" action=""> <?php $con=mysqli_connect("localhost","root","cookie","homedb"); //============== check connection if(mysqli_errno($con)) {echo "Can't Connect to mySQL:".mysqli_connect_error();} else {echo "Connected to mySQL</br>";} //This creates the drop down box echo "<select name= 'target'>"; echo '<option value="">'.'--- Select email account ---'.'</option>'; $query = mysqli_query($con,"SELECT target FROM emailtbl"); $query_display = mysqli_query($con,"SELECT * FROM emailtbl"); while($row=mysqli_fetch_array($query)) {echo "<option value='". $row['target']."'>".$row['target'] .'</option>';} echo '</select>'; ?> <input type="submit" name="submit" value="Submit"/><!-- update "lastused" using selected "target"--> </form></body></html> <!DOCTYPE><html><head><title>email menu</title></head> <body><center> <?php $con=mysqli_connect("localhost","root","cookie","homedb"); if(mysqli_errno($con)) {echo "Can't Connect to mySQL:".mysqli_connect_error();} if(isset($_POST['target'])) { $name = $_POST['target']; $fetch="SELECT target,username,password,emailused,lastused, purpose, saved FROM emailtbl WHERE target = '".$name."'"; $result = mysqli_query($con,$fetch); if(!$result) {echo "Error:".(mysqli_error($con));} $lastused = "CURDATE()"; // update "lastused" using selected "target" //display the table echo '<table border="1">'.'<tr>'.'<td bgcolor="#ccffff align="center">'. 'Email menu'. '</td>'.'</tr>'; echo '<tr>'.'<td>'.'<table border="1">'.'<tr>'.'<td bgcolor="#ccffff align="center">'.'target'.'</td>'.'<td bgcolor="#ccffff align="center">'.'username'.'</td>'.'<td bgcolor="#ccffff align="center">'.'password'.'</td>'.'<td bgcolor="#ccffff align="center">'.'emailused'.'</td>'.'<td bgcolor="#ccffff align="center">'.'lastused'.'</td>'.'<td bgcolor="#ccffff align="center">'.'purpose'. '</td>'.'<td bgcolor="#ccffff align="center">'. 'saved' .'</td>'.'</tr>'; while($data=mysqli_fetch_row($result)) {echo ("<tr><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td><td>$data[4]</td><td>$data[5]</td><td>$data[6]</td></tr>");} echo '</table>'.'</td>'.'</tr>'.'</table>'; } ?> </body></html> Hello everyone, For two weeks now, I'm trying to get this database connection in my query. Can someone give me a solution and tell me what I've done wrong? Am I overlooking something? <?php class Mysql{ public function connect(){ $mysqli = new mysqli('localhost','root','','login'); } } class Query extends Mysql{ public function runQuery(){ $this->result = parent::connect()->query("select bla bla from bla bla"); } } $query = new Query; $query->runQuery(); ?> I have just started using MySQLi and am clueless it is giving me the follow errors in which i do not understand
Warning: mysqli_select_db() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\Login\connect.php on line 23 Notice: Trying to get property of non-object in C:\xampp\htdocs\Login\connect.php on line 25 Notice: Use of undefined constant mysqli - assumed 'mysqli' in C:\xampp\htdocs\Login\connect.php on line 32 Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\Login\connect.php on line 32 Warning: mysql_fetch_assoc() expects parameter 1 to be resource, null given in C:\xampp\htdocs\Login\connect.php on line 33 can someone please explain to me why i am getting these? and my code is
$mysqli_db = mysqli_select_db("$db_name");
if($mysqli_db->connect_errno) {
printf("Database not found: %s\n", $mysql->connect_error);
exit();
}
$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
$result = mysqli_query($sql);
$row = mysqli_fetch_assoc($result);
I just got rid off most the errors the only ones left are
Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\Login\connect.php on line 32Fatal error: Call to undefined function mysqli_result() in C:\xampp\htdocs\Login\connect.php on line 33 Code Updated:
$mysqli_db = mysqli_select_db($mysqli_connect, $db_name);
if(!$mysqli_db) {
printf("Database not found: %s\n", $mysqli->connect_error);
exit();
}
$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
$query = mysqli_query($sql);
$result = mysqli_result($query);
$row = mysqli_fetch_assoc($result);
Edited by Tom8001, 30 November 2014 - 12:43 PM. Ok I am trying to use mysqli instead of the usual mysql. Mysql would be outdated. With mysqli, sgl-injection is impossible if you use the "?" in those codes. I would normally use a function but I've made a simple script to find the error. I use $parameters and $sql because these are the data I need to give as parameters to the function, so I used it here too but without the function actually. Code: [Select] ini_set('display_errors',1); // 1 == aan , 0 == uit error_reporting(E_ALL | E_STRICT); # sql debug define('DEBUG_MODE',true); // true == aan, false == uit $userid = 11; $lang = 1; $newLink = "testing123"; $db_host = "localhost"; $db_gebruiker = "root"; $db_wachtwoord = ''; $db_naam = "projecteasywebsite"; $sql= "INSERT tbl_link(userid,linkcat,linksubid,linklang,linkactive,linktitle) VALUES(?, ?, ?, ?, ?, ?)"; $parameters = '"iiisis", $userid, 1, 0, $lang, 1, $newLink'; echo $parameters; $mysqli = new mysqli($db_host, $db_gebruiker, $db_wachtwoord, $db_naam); $stmt = $mysqli->prepare($sql); $stmt->bind_param($parameters); $stmt->execute(); echo "<br><br>". mysqli_connect_errno(); echo "<br><br>". mysqli_report(MYSQLI_REPORT_ERROR); $stmt->close(); $mysqli->close(); I got Wrong parameter count for mysqli_stmt::bind_param() So naturally a problem when we execute : Warning: mysqli_stmt::execute() [mysqli-stmt.execute]: (HY000/2031): No data supplied for parameters in prepared statement ($stmt->execute() Is someone using mysqli too ? Hi,
I'm trying to write a better PHP code to create and manage my website.
I would like to start a MVC approach with PHP, using OOP. So I can manage the updates in a better way. For example, to begin my project, I would try with the shipping cost of our products, using a Class without merge the PHP and HTML code.
Something like this:
$shippingcost=new ShippingCost(); $shippingcost->state="Italy"; $shippingcost->get(); // here I have an array with cost, discount, time ecc.And If I need it in JSON, I write:
$shippingcost->get("JSON"); // here I have the JSON with cost, discount, time ecc.
I wrote the Class in this way:
class ShippingCost
{
public $state;
private $arrayReturned;
public function __construct() {
$this->stato="Italy"; // the default state
}
public function __destruct() {
}
public function get($format="array") {
$this->arrayReturned=array(
"cost" => 3.99,
"costDiscounted" => 7.99,
"discount" => "50%"
);
if (strtolower($formato)=="json") {
$this->arrayReturned=json_encode($this->arrayReturned);
}
return $this->arrayReturned;
}
}
It works well, but I need to get the values from a MySQL db. How can pass the MySQL connection to the Class? I'm not able to do this.
Thanks in advance and have a great 2015.
Rob.
This line of PHP mysqli::__construct($CFG->dbhost, $CFG->dbuser, $CFG->dbpass, $CFG->dbname); returns Quote Fatal error: Non-static method mysqli::mysqli() cannot be called statically in Why does it do this? I want to use the OOP MySQLi methods in PHP and NO procedural PHP |
|||||||