1. 首頁
  2. 問答
  3. 致命錯誤:在不在C:\ xampp \ htdocs \ BaseballTuts \ include \ class.user.php中的對象上下文中時使用$ this

致命錯誤:在不在C:\ xampp \ htdocs \ BaseballTuts \ include \ class.user.php中的對象上下文中時使用$ this

2014-10-03 129 views
0

當我檢查表中是否有用戶名時,出現問題。

在我class.user.php我得到這個錯誤:

*致命錯誤:使用$這個時候不是在C對象方面:\ XAMPP \ htdocs中\ BaseballTuts \包括\ class.user .PHP在線47 *

這個我class.user.php是怎麼寫的:

<?php 
include "db_config.php"; 

class User{ 

    public $db; 
    public function __construct(){ 
     $this->db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE); 

     if(mysqli_connect_errno()) { 

      echo "Error: Could not connect to database."; 

     exit; 

     } 
    } 

    /*** for registration process ***/ 
    public function reg_user($name,$nickname,$gender,$birthdate,$address,$email,$short_info,$username,$password){ 


     $password = md5($password); 
     $sql="SELECT * FROM `user` WHERE `username`='$username' OR `email`='$email'"; 

     //checking if the username or email is available in db 
     $check = $this->db->query($sql) ; 
     $count_row = $check->num_rows; 

     //if the username is not in db then insert to the table 
     if ($count_row == 0){ 
      $sql1="INSERT INTO `user` SET `name`='$name', `nickname`='$nickname', `gender`='$gender', `birthdate`= '$birthdate', `address`='$address', `email` = '$email', `short_info`= '$short_info', `username` = '$username', `password` = '$password'"; 
      $result = mysqli_query($this->db,$sql1) or die(mysqli_connect_errno()."Data cannot inserted"); 
      return $result; 
     } 
     else { return false;} 
    } 


    /*** for login process ***/ 
    public function check_login($emailusername, $password){ 

     $password = md5($password); 
     $sql2="SELECT `user_id` from `user` WHERE `email`='$emailusername' or `username`='$emailusername' and `password`='$password'"; 

     //checking if the username is available in the table 
    *** $result = mysqli_query($this->db,$sql2);*** 
     $user_data = mysqli_fetch_array($result); 
     $count_row = $result->num_rows; 

     if ($count_row == 1) { 
      // this login var will use for the session thing 
      $_SESSION['login'] = true; 
      $_SESSION['id'] = $user_data['user_id']; 
      return true; 
     } 
     else{ 
      return false; 
     } 
    } 

    /*** for showing the username or fullname ***/ 
    public function get_fullname($uid){ 
     $sql3="SELECT fullname FROM users WHERE uid = $uid"; 
     $result = mysqli_query($this->db,$sql3); 
     $user_data = mysqli_fetch_array($result); 
     echo $user_data['fullname']; 
    } 

    /*** starting the session ***/ 
    public function get_session(){  
     return $_SESSION['login']; 
    } 

    public function user_logout() { 
     $_SESSION['login'] = FALSE; 
     session_destroy(); 
    } 

} 

?>

,這我怎麼稱呼check_login:

session_start(); 
include_once 'include/class.user.php'; 
$user = new User(); 

if (isset($_REQUEST['submit'])) { 
    extract($_REQUEST); 
    $login = $user->check_login($emailusername, $password); 
    if ($login) { 
     // Registration Success 
     header("location:home.php"); 
    } else { 
     // Registration Failed 
     echo 'Wrong username or password'; 
    } 
}

來源

2014-10-03 Tardz Bert

+0

請在發佈之前使用預覽...這是有原因的! – 2014-10-03 10:50:12

+4

你打電話給'check_login'? – 2014-10-03 10:50:58

+0

您的代碼易受SQL注入攻擊。你應該閱讀[如何在PHP中防止它們](http://stackoverflow.com/q/60174/53114)。 – Gumbo 2014-10-03 10:52:12

回答

0

呼叫像下面的代碼功能:

$emailusername = ''; 
$password = ''; 

$userObj = new User(); 
$result = $userObj->check_login($emailusername, $password);

如果仍然有一個問題,我建議你修改類似下面的代碼:

所有的 
<?php 
include "db_config.php"; 

class User{ 

    private $db; 

    public function __construct(){ 
     $this->connect(); 
    } 

    private function connect($db_connect=true){ 
     if($db_connect){ 
      $this->db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
      if(mysqli_connect_errno()){ 
       printf("DB Connect failed: %s\n", mysqli_connect_error()); 
       exit(); 
      } 
     } 
    } 

    /*** for registration process ***/ 
    public function reg_user($name,$nickname,$gender,$birthdate,$address,$email,$short_info,$username,$password){ 
     // Get the MySQLi object 
     $db = $this->db; 
     if(empty($db)){ 
      $this->connect(); 
      $db = $this->db; 
     } 

     $password = md5($password); 
     $sql="SELECT * FROM `user` WHERE `username`='$username' OR `email`='$email'"; 

     //checking if the username or email is available in db 
     $check = $this->db->query($sql) ; 
     $count_row = $check->num_rows; 

     //if the username is not in db then insert to the table 
     if ($count_row == 0){ 
      $sql1="INSERT INTO `user` SET `name`='$name', `nickname`='$nickname', `gender`='$gender', `birthdate`= '$birthdate', `address`='$address', `email` = '$email', `short_info`= '$short_info', `username` = '$username', `password` = '$password'"; 
      $result = mysqli_query($this->db,$sql1) or die(mysqli_connect_errno()."Data cannot inserted"); 
      return $result; 
     } 
     else { return false;} 

     mysqli_close($db); 
     $this->db = null; 
    } 


    /*** for login process ***/ 
    public function check_login($emailusername, $password){ 
     // Get the MySQLi object 
     $db = $this->db; 
     if(empty($db)){ 
      $this->connect(); 
      $db = $this->db; 
     } 

     $password = md5($password); 
     $sql2="SELECT `user_id` from `user` WHERE `email`='$emailusername' or `username`='$emailusername' and `password`='$password'"; 

     //checking if the username is available in the table 
    *** $result = mysqli_query($this->db,$sql2);*** 
     $user_data = mysqli_fetch_array($result); 
     $count_row = $result->num_rows; 

     if ($count_row == 1) { 
      // this login var will use for the session thing 
      $_SESSION['login'] = true; 
      $_SESSION['id'] = $user_data['user_id']; 
      return true; 
     } 
     else{ 
      return false; 
     } 

     mysqli_close($db); 
     $this->db = null; 
    } 

    /*** for showing the username or fullname ***/ 
    public function get_fullname($uid){ 
     // Get the MySQLi object 
     $db = $this->db; 
     if(empty($db)){ 
      $this->connect(); 
      $db = $this->db; 
     } 

     $sql3="SELECT fullname FROM users WHERE uid = $uid"; 
     $result = mysqli_query($this->db,$sql3); 
     $user_data = mysqli_fetch_array($result); 
     echo $user_data['fullname']; 

     mysqli_close($db); 
     $this->db = null; 
    } 

    /*** starting the session ***/ 
    public function get_session(){  
     if(session_id() == '') session_start(); 
     return $_SESSION['login']; 
    } 

    public function user_logout() { 
     if(session_id() == '') session_start(); 
     $_SESSION['login'] = FALSE; 
     session_destroy(); 
    } 

} 

?>

首先,最好是private $db,因爲你只在PHP類中使用這個屬性。其次,爲避免產生空對象,您需要檢查該對象是否爲空,如果是,則需要連接到數據庫並填充該對象。另外,你需要在完成時關閉MySQL連接,並且需要清空變量。

編輯2:

我在PHP會話代碼固定的一個小問題,因爲如果會議沒有啓動它可能會引發錯誤。

我還在__construct函數中添加了一個標誌,以便您可以在不連接數據庫的情況下調用該對象,因爲最後2個函數不需要db調用。

來源

2014-10-03 11:16:19

+0

此外,您的代碼容易受到SQL注入的影響。閱讀有關此問題的更多信息:http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – 2014-10-03 11:18:22

相關問題

 相關問題