Upload Query needed

I have insert and select queries and just need help with the update query: please help!!

<?php

/**
 * Created by PhpStorm.
 * User: Mo
 * Date: 29/06/2016
 * Time: 05:06 PM
 */
class Database
{
    private $host;
    private $username;
    private $password;
    private $dbname;
    private $link;

    function __construct()
    {
        $this->host = 'localhost';
        $this->username = 'root';
        $this->password = '123';
        $this->dbname = 'school';
    }


    /**
     * Open a new connection to the database; stops the script if it fails.
     */
    public function connect()
    {
        $this->link = mysqli_connect($this->host, $this->username, $this->password, $this->dbname);
        if (!$this->link) {
            die('Cannot connect to database!');
        }

    }

    public function disconnect()
    {
        mysqli_close($this->link);
    }

    public function insert($table, $columns, $values)
    {
        if (count($columns) != count($values))
            return false;

        $cols = implode(',', $columns);
        $vals = implode('","', $values);
        $vals = '"' . $vals . '"';
        $sql = "insert into $table ($cols) values ($vals)";

        $this->connect();
        mysqli_query($this->link, $sql);
        $this->disconnect();

    }
    //Select

    public function select($table, $columns = array(), $condition = array())
    {

        $this->connect();
        $where = '1 = 1 ';
        foreach ($condition as $row){
            $str =  $row['type'].' '.$row['col']. ' '.$row['cnd']. ' "'.$row['value'].'" ';
            $where .= $str;
        }

        $cols = '';
        if(empty($columns))  $cols = '*';
        else $cols = implode(',', $columns );

        $sql_select = "select $cols from $table where $where" ;
        $result = mysqli_query($this->link, $sql_select);

        $rows = array();
        while($row = mysqli_fetch_array($result)) {
                $rows[] = $row;
        }
        $this->disconnect();
        return $rows;

    }

    //Delete

    public function delete($table, $condition = array())
    {
        $this->connect();
        $where = '1 = 1 ';
        foreach ($condition as $row) {
            $str = $row['type'] . ' ' . $row['col'] . ' ' . $row['cnd'] . ' "' . $row['value'] . '" ';
            $where .= $str;
        }
        $sql_del = "delete from $table where $where ";
        if (mysqli_query($this->link, $sql_del))
            $result = true;
        else
            $result = false;
        $this->disconnect();
        return $result;
    }

    //Update

    public function update($table, $data, $where)
    {
        $cols = array();

        foreach($data as $key=>$val) {
            $cols[] = "$key = '$val'";
        }
        $sql_update = "update $table set " . implode(', ', $cols) . " where $where";

        return($sql_update);
    }


    public function query($sql)
    {
        $this->connect();
        $result = mysqli_query($this->link, $sql);
        $this->disconnect();
        return $result;
    }

}

What help do you need? Do you get errors when you try to use the query, if so, what are the errors?

Hello Mohammad,
Can you please elaborate, what do you want exactly? Are the given queries working properly?

You have just posted a PHP class. What PHP code have you created to use this class?

They are presumably vulnerable to all sorts of security issues given that they use query instead of prepare/bind.

And there’s no checking whether the $where condition has anything in it inside the update() function.

Still, pointless speculating until the OP comes back to tell us what problem needs to be fixed.

I actually like the fact that the OP is actually using OOP. Most beginners would NEVER step into that area. They usually stray from it until it is really needed. I like it that the OP is trying NOT to be like that. The only problem is that they are allowing SQL Injections to happen when they stuff those variables inside those queries. And the fact that they aren’t using the OOP version of mysqli_* or PDO for that matter.


I also think the OP doesn’t know the syntax to update the queries as the queries are just returned and not being executed to update the data.

I hadn’t noticed that - but it’s only the update query that doesn’t get executed, the rest do.

I also noticed that the connection gets connected and right after every query, OP disconnects. Wouldn’t it be more efficient to set the connection and then only disconnect when every query has been executed? That being said, wouldn’t the __destruct function be appropriate for disconnecting, as it will be called after the page has finished executing?

It is also a good idea to reuse the connection, so wouldn’t it be wise to create the connection in the constructor and then reference it using $this-> instead of creating a new connection on every query?
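
Added example, not part of the thread and not the original poster's code: an `update()` that actually executes, binds every value with prepare/bind, refuses an empty WHERE, and reuses one connection made in the constructor, as the replies above suggest. It uses PDO with an in-memory SQLite database so it runs without a server; the class name `SafeDatabase`, the `students` table and its rows are assumptions made for illustration.

```php
<?php
// Added example: SafeDatabase and the "students" data are constructed for illustration.
class SafeDatabase
{
    private PDO $pdo;

    // Connect once and reuse the handle; PDO closes it when the object is destroyed.
    public function __construct(string $dsn, ?string $user = null, ?string $pass = null)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    }

    // Table and column names cannot be bound, so accept only plain identifiers.
    private static function ident(string $name): string
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Invalid identifier: $name");
        }
        return $name;
    }

    // $data and $where are column => value maps; every value is sent as a bound parameter.
    public function update(string $table, array $data, array $where): int
    {
        if ($data === [] || $where === []) {
            throw new InvalidArgumentException('update() needs data and a non-empty WHERE');
        }
        $set = $cnd = [];
        foreach (array_keys($data) as $col)  { $set[] = self::ident($col) . ' = ?'; }
        foreach (array_keys($where) as $col) { $cnd[] = self::ident($col) . ' = ?'; }
        $sql = 'UPDATE ' . self::ident($table) . ' SET ' . implode(', ', $set)
             . ' WHERE ' . implode(' AND ', $cnd);
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute(array_merge(array_values($data), array_values($where)));
        return $stmt->rowCount();
    }

    public function pdo(): PDO { return $this->pdo; }
}

// Constructed demo data in an in-memory SQLite database.
$db = new SafeDatabase('sqlite::memory:');
$db->pdo()->exec("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)");
$db->pdo()->exec("INSERT INTO students (name) VALUES ('Ann'), ('Bob')");

// A value containing a quote is stored as data instead of breaking the statement.
var_dump($db->update('students', ['name' => "O'Brien"], ['id' => 2]));
var_dump($db->pdo()->query('SELECT name FROM students ORDER BY id')->fetchAll(PDO::FETCH_COLUMN));
```

For MySQL, pass a `mysql:host=...;dbname=...` DSN with credentials; the prepare/execute calls stay the same.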
