0

Hi, I'm building a basic log in system just to learn the ropes of PHP. Currently I'm a bit stuck. I'm trying to get a connection through a function file sorted for the rest of it to work but it's proving far more complicated then I thought. This is my best attempt. Login.php.

<?php

$conn = new dbmember();
$conn->openDB();
//$con=mysqli_connect("x","x","x","x"); redundant as I want to do this through a class!

$user=$_POST['user']; 
$password=$_POST['password'];

if(isset($_POST['submit'])){


//To ensure that none of the fields are blank when submitting the form if
if(isset($_POST['user']) && isset($_POST['password'])) 
    {    

        $user = stripslashes($user);
        $password = stripslashes($password);
    L98    $user = $this->mysqli_real_escape_string($conn, $user);
        $password = $this->mysqli_real_escape_string($conn, $password);

        //SQL Injection Ahoy! I know...but future versions aim to be robust!

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";
$result=mysqli_query($con->conn, $sql);

$row=mysqli_fetch_array($result);

if($row[0]==1)
{
    session_start();
    $_SESSION['user'] = $user;
    $_SESSION['password'] = $password;
    $_SESSION['loggedin'] = "true";
    header("location:index.php");
}
        else
        {
            print ('<div id="error">Acess denied, wrong username or password?</div>');
        }
        }
        else
            {
            print ('<div id="error">Enter something!</div>');
        }

}

    ?>



functions.php
require("assets/configs/db_config.php");

class dbmember()
$var conn

 function openDB() {


//1. Create a database connection
$this->conn = mysqli_connect("localhost" , "login", "pass","db_db");
if (!$this->conn)
{
    $this->error_msg = "connection error could not connect to the database:! ";  
}
            return $this;
}

Fatal error: Using $this when not in object context in C:\xampp\htdocs\c\login.php on line 98

Please advise

2
Contributors
5
Replies
21
Views
4 Years
Discussion Span
Last Post by pritaeas
0

A class definition requires curly brackets, so add one on line 56, and close it after line 69.

Why are you putting the mysqli connect in a class, when you can use the mysqli as an object already? Perhaps this may help.

Edited by pritaeas

0

I looked at that. Thanks. Class was OK I just mis-pasted some of the code.

As the example,

$mysqli = @new mysqli('localhost', 'myuser', 'mypassword', 'mydatabase');

Would this be sufficient in place of

//1. Create a database connection
$this->conn = mysqli_connect("x" , "x", "x","x");
if (!$this->conn)
{
    $this->error_msg = "connection error could not connect to the database:! ";  
}
            return $this;
}

So we could have something like this =

  function openDB() {

       $mysqli = @new mysqli('localhost', 'myuser', 'mypassword', 'mydatabase');

if (!$this->mysqli)
{
    $this->error_msg = "connection error could not connect to the database:! ";  
}
            return $mysqli;
}

Or am I barking up the wrong tree do you think. If not, and this is OK. How would I reference the connection? Like this?

 <?php

$conn = new dbmember();
$conn->openDB();
//$con=mysqli_connect("x","x","x","x");

$user=$_POST['user']; 
$password=$_POST['password'];

if(isset($_POST['submit'])){


//To ensure that none of the fields are blank when submitting the form if
if(isset($_POST['user']) && isset($_POST['password'])) 
    {    

        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = $this->mysqli_real_escape_string($mysqli, $user);
        $password = $this->mysqli_real_escape_string($mysqli, $password);

        //SQL Injection Ahoy! I know...but future versions aim to be robust!

$sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}' LIMIT 1;";
$result=mysqli_query($con->conn, $sql);

$row=mysqli_fetch_array($result);

if($row[0]==1)
{
    session_start();
    $_SESSION['user'] = $user;
    $_SESSION['password'] = $password;
    $_SESSION['loggedin'] = "true";
    header("location:index.php");
}
        else
        {
            print ('<div id="error">Acess denied, wrong username or password?</div>');
        }
        }
        else
            {
            print ('<div id="error">Enter something!</div>');
        }

}

    ?>

Sorry for all these rather dumb looking questions.

Edited by shapeape

0

You are on the right track, but miss a little basic stuff about classes I think. Basically you can do this:

class dbmember 
{
    public $conn;
    public $error;

    public __construct()
    {
        $this->conn = mysqli_connect(...);
        if (!$this->conn)
            $this->error = 'Error';
    }
}

// Then you can use
$conn = new dbmember();
if (!empty($conn->error))
    die($conn->error);

// ...    
$result = mysqli_query($conn->conn, $sql);

This works, but now you would be mixing a nice OOP construct with procedural MySQLi.

0

Would you suggest its better to do it that way (mixing OOP and P)then to continue with the way that I have been trying (through a class method)?

Edited by shapeape

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.