Mysqli oop

Hello, I'm new to OOP in PHP and I have a problem with PHP/MySQL since mysql migrated to improved mysql. I really need your ideas, since I have a problem connecting to a database using OOP and, at the same time, I also want to use object-oriented mysqli to query my database.

This is my DB.class.php:


<?php
$DB_SERVER =  'localhost';
$DB_USERNAME = 'username';
$DB_PASSWORD = 'password';
$DB_DATABASE = 'database';

class DB
{
    function __construct()
    {
        $conn = new mysqli($DB_SERVER, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE) or
            die('Oops connection error -> ' . $conn->error());
        $conn->select_db($DB_DATABASE)
            or die('Database error -> ' . $conn->error());
    }
}
?>

Here is my User.class.php:


<?php
include_once 'DB.class.php';

class User
{
    //Database connect
    public function __construct()
    {
        $db = new DB();
    }

    //Registration process
    public function register_user($name, $username, $password, $email)
    {
        $password = md5($password);
        $sql = mysql_query("SELECT uid from users WHERE username = '$username' or email = '$email'");
        $no_rows = mysql_num_rows($sql);
        if ($no_rows == 0)
        {
            $result = mysql_query("INSERT INTO users(username, password, name, email) values ('$username', '$password','$name','$email')") or die(mysql_error());
            return $result;
        }
        else
        {
            return FALSE;
        }
    }
}

My question is: is it possible to use the following code inside my User class ($conn->query), since I am trying to use OOP in mysqli?

$conn->query("SELECT uid from users WHERE username = '$username' or email = '$email'");

Thank you.

You’re trying to mix and match the old (and deprecated) mysql_* extension with the newer mysqli_* extension. The mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). If you’re not too far into the project, consider using PDO, as that has the advantages of the mysqli_* extension, but in addition you can use named parameters when using prepared statements.

Leaving aside the mixing and matching, the code is wide open to an SQL injection attack. You should be using prepared statements. Have a read of this article from the PHP manual; it shows how to use prepared statements with PDO and also explains the principle.

Finally, the md5 hashing has been rainbow tabled to death and isn’t really too secure anymore. You should be using the password hashing functions (new to PHP 5.5). This way, you won’t have to specify an algorithm, a cost, or even a salt. It does it all for you, and it does it right. If you need to support versions of PHP earlier than 5.5, then you can use this forward compatibility library: https://github.com/ircmaxell/password_compat
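Added example (not part of the original thread, and not code from either poster): the question's `User` class reworked along the lines the reply suggests, with PDO prepared statements using named parameters and `password_hash()`. It assumes PHP 7.4+ with the pdo_sqlite driver; the in-memory SQLite DSN, the table definition and the sample inputs are constructed so the script runs offline.

```php
<?php
// Added example: registration with prepared statements and password_hash().
class User
{
    private PDO $db;

    // The connection is injected and stored, so every method can reach it.
    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Returns true on success, false if the username or email already exists.
    public function register_user(string $name, string $username, string $password, string $email): bool
    {
        $check = $this->db->prepare(
            'SELECT uid FROM users WHERE username = :username OR email = :email'
        );
        $check->execute([':username' => $username, ':email' => $email]);
        if ($check->fetch() !== false) {
            return false;
        }

        $insert = $this->db->prepare(
            'INSERT INTO users (username, password, name, email)
             VALUES (:username, :password, :name, :email)'
        );
        return $insert->execute([
            ':username' => $username,
            // Salted hash; PASSWORD_DEFAULT selects the algorithm and cost.
            ':password' => password_hash($password, PASSWORD_DEFAULT),
            ':name'     => $name,
            ':email'    => $email,
        ]);
    }
}

// Assumption: in-memory SQLite for an offline demo. For MySQL use a DSN such
// as 'mysql:host=localhost;dbname=database;charset=utf8mb4' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE,
            password TEXT, name TEXT, email TEXT UNIQUE)');

$user = new User($pdo);
// Constructed inputs: a normal signup, a username containing quote
// characters (stored as plain data, not parsed as SQL), and a duplicate.
var_dump($user->register_user('Alice', 'alice', 's3cret', 'alice@example.test'));
var_dump($user->register_user('Eve', "x' OR '1'='1", 'pw', 'eve@example.test'));
var_dump($user->register_user('Alice Two', 'alice', 'pw', 'other@example.test'));
```

At login, compare the submitted password against the stored hash with `password_verify()` rather than re-hashing and comparing strings.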