你好,你可能会说这个问题已经得到了回答,但相信我在问之前已经搜过了所有问题,但我仍感到困惑。我试图将数据库连接变量$conn传递给新文件中的函数,我不想全局地执行它,因为它不安全。关于我如何解决这个问题,你能帮我解决一个问题吗?我喜欢学习,不想要免费代码。以下是我目前的代码:
以下是连接数据库的代码:
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
function connecting ($conn) {
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
}
这是我在functions.php文件中的登录功能代码
function login($user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$sql = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$result->bind_param("ss", $user, $password);
$result->execute() or die('Query failed. ');
if ($result->num_rows)
{
$_SESSION['authorized'] = true;
header('Location: '.DIRADMIN);
exit();
}
else
{
$_SESSION['error'] = 'Sorry, wrong username or password';
}
$conn->close();
}
答案 0 :(得分:1)
有几种方法和设计模式需要考虑。解决此问题的一种简单方法是在单个文件中定义数据库连接功能,然后将该文件包含在需要访问数据库的任何页面中。例如:
在文件database.inc.php中:
<?php
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
?>
然后,对于需要数据库连接的每个页面,执行以下操作:
<?php
require_once '...\database.inc.php';
function login($conn, $user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$stmt = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute() or die('Query failed. ');
....
}
...
?>
答案 1 :(得分:0)
根据您的应用程序,您可以选择使用PHP Session variables。目前尚不清楚为什么使用全局这样的东西特别不安全。