All geek questions in one place

You don’t immediately see what is behind it (php, school)

I am a 2nd year student of ICT. I never did PHP until this year, and our instructor gave us the basics and at the end of the semester gave us a project that would combine what we learned in his course and the database course. We had to use the classic AMP setting for windows.

Now our instructor told us to make a website profile based on how we did less in class.

I see no reason for the somewhat strange method of entering a user into a database.

Firstly, we do some PHP checks to make sure that the entered data is safe and somewhat realistic (for example, the zip codes here are 4 numbers, never again and no letters or other characters).

When everything is checked in order, we do the following:

$sql = new SqlObject(); //from SqlObject.class.php
$newUser = new User(login,passw,mail,...,...,...); //from User.class.php
$sql->addUser($newUser);

The SqlObject class is a class that contains all the SQL commands that we need to update, insert, and usually modify data in the database. We never write SQL to our regular pages. But this is not what I am confused about. This is the file User.class.php.

This file contains only the constructor and exactly the same number of fields that must be entered into the database. For example:

<?php

  class User {
    // members
    var $id;
    var $name;
    var $password;

    // constructor
    function User($id=-1,$name='',$password='') {
        $this->id = $id;
        $this->name = $name;
        $this->password = $password;
    }
}

?>

What is it. The SqlObject.class.php file requires the User.class.php file on the first line.

The function addUser($user)in the SqlObject.class.php file is as follows:

function addUser($user) {
  $insQuery = 'INSERT INTO users(name,password)';
  $insQuery.= " VALUES ('".$user->name."', '".$user->password."')";
  @mysql_query($insQuery) or showError("user insert failed");
}

Why make such a detour through the User.class.php file? Reason for security?

I repeat: this is my first year using PHP, and I'm still a student.

EDIT: People complain that there are no SQL injection checks before inserting data.

" ". register.php . Regex, mysql_real_escape_string() . , , :

$sql = new SqlObject(); //from SqlObject.class.php
$newUser = new User(login,passw,mail,...,...,...); //from User.class.php
$sql->addUser($newUser);

, , , SqlObject.class.php.

EDIT2: ,

+3
6

, ,

 function addUser($name='',$password='') { etc

, , , , , User - - , , , .

, , suer, addUer . ​​ - , , , . , User, - addUser. . , .

+5

, addUser() , SQL-, . -

function addUser($user) {
  $insQuery = 'INSERT INTO users(name,password)';
  $insQuery.= " VALUES ('".mysql_real_escape_string($user->name)."',";
  $insQuery.= " '".mysql_real_escape_string($user->password)."')";
  @mysql_query($insQuery) or showError("user insert failed");
}

, , SQL , .

, , , .

. User , , SQL, , .

, , - , User, , a, , printUser() - .

function printUser() {
    return "Mr. ".$this->name;
}

, . , .

:

, SQL-, :)

SQL- "formchecking", SQL-. " " - , , zipcodes .., , , SQL.

, :

$name = formcheck("John O'Donnell"); //Where you do all your checking step,
                                     //including mysql_real_escape_string
$user = new User($name,"gandalf");

,

mysql_real_escape_string("John O'Donnell") = "John O\'Donnell";

:

 echo "Welcome ".$user->printUser();

:

Welcome Mr. John O\'Donell
+2

, . , . , , , ect.

, , . , , , . , .

+2

-, , SQL-, , . , .

mysql_real_escape_string ? !

, OP.. . : . - ( ) , datalayer ( sqlobject). , , , .

+1

OO PHP, . ? SqlObject AddUser(), , User. SqlUser SqlObject . , SQL. , , , , . ( , , !)

, , , , . , , . , . , , . , . (, , .)

0

if the AddUser class is inside SqlClass, it means that only SqlClass can add a user. this would mean that the sql class must depend on the user class in order to know what the user represents before he can add it. (you could not add apples and oranges, especially if you did not know what an orange is)

0
source

Source: https://habr.com/ru/post/1715284/

More articles:


All Articles