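I have a constructor in my Users class:

    public function __construct($pdo)
    {
        $this->pdo = $pdo;
    }

This is how I usually run it:

index.php:

    include("config.php");
    $users = new Users($pdo);

But I don't want to do it that way; I want a separate class for the database connection.

I created database.class.php: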

    class Database
    {
        public function __construct()
        {
            try
            {
                $pdo = new PDO('mysql:host='.MYSQL_HOST.';dbname=driptone', MYSQL_USER, MYSQL_PASSWORD);
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                echo 'connected';
            }
            catch(PDOException $e)
            {
                echo $e->getMessage();
            }
        }
    }

Now I use it like this:

    $users = new Users(new Database());

I get this error:

    connected
    Fatal error: Call to undefined method Database::prepare() in C:\xampp\htdocs\drip\class\users.class.php on line 75

I have also tried a static approach.

Why is this happening, and how can I fix it? Is it safe against injection / XSS attacks?

    /**
     * Public Method Register
     *
     * Registers the user to the system, checking for errors.
     * If error was found, it will throw new exception.
     *
     * @param username The username the user posted.
     * @param password The password the user posted.
     * @param repassword The validated password the user posted.
     * @param email The email the user posted.
     * @param reemail The validated email the user posted.
     * @param day The day the user posted (for date of birth).
     * @param month The month the user posted (for date of birth).
     * @param year The year the user posted (for date of birth).
     *
     * @return Return true means everything is correct, register successfully.
     **/
    public function register($username, $password, $repassword, $email, $reemail, $day, $month, $year)
    {
        global $pdo;
        // Check if passwords matching.
        if ($password != $repassword)
        {
            throw new exception ("Passwords does not match.");
        }
        // Check if emails matching.
        else if ($email != $reemail)
        {
            throw new exception ("Emails does not match.");
        }
        // The main insert query
        $this->insert = $this->pdo->prepare
        ("
            INSERT INTO users
            (user_name, user_password, user_email, user_birth)
            VALUES
            (:username, :password, :email, :birth)
        ");
        //Query to check if username is taken.
        $this->user = $this->pdo->prepare("SELECT * FROM users WHERE user_name = :name");
        $this->user->execute(array(":name" => $username));
        //Query to check if email is taken.
        $this->email = $this->pdo->prepare("SELECT * FROM users WHERE user_email = :email");
        $this->email->execute(array(":email" => $email));
        // Checking if username is taken using the query.
        if ($this->user->rowCount())
        {
            throw new exception ("Username already in use");
        }
        // Checking if email is taken using the query.
        else if ($this->email->rowCount())
        {
            throw new exception ("Email is already in use");
        }
        // Checking if birth of date is valid.
        else if ($day > 31 || $month > 12 || $year > date('Y') || $year < 1925)
        {
            throw new exception ("Invalid Birth of date");
        }
        // Checking if password is more than 5 characters long.
        else if (strlen($password) < 5)
        {
            throw new exception ("Password is too short");
        }
        else
        {
            // Everything is fine, insert data.
            $this->insert->execute(array
            (
                ":username" => $username,
                ":password" => $password,
                ":email" => $email,
                ":birth" => $day.'/'.$month.'/'.$year
            ));
            //Send verification
            $this->sendVerification($username, $email);
            //Finished processing, return true.
            return true;
        }
    }
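
The error and the injection/XSS question above, worked as an added example that is not part of the original post: the constructor's local `$pdo` is discarded, so `Users` is handed a `Database` object that has no `prepare()` method. It assumes PHP 7.4+ with pdo_sqlite; the in-memory SQLite DSN, the `getConnection()` name, the reduced `register()` signature and the sample input are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.4+ with pdo_sqlite.
class Database
{
    private PDO $pdo;

    public function __construct(string $dsn, ?string $user = null, ?string $pass = null)
    {
        // Keep the handle in a property: a local $pdo vanishes when the constructor returns.
        // PDOException propagates; echoing getMessage() can expose connection details.
        $this->pdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    }

    // Hypothetical accessor name; returns the real PDO object, which is what has prepare().
    public function getConnection(): PDO
    {
        return $this->pdo;
    }
}

class Users
{
    private PDO $pdo;

    // The PDO type hint rejects "new Users(new Database())" at construction time.
    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function register(string $username, string $password, string $email): bool
    {
        // Bound parameters keep user input out of the SQL text; the password is stored hashed.
        $stmt = $this->pdo->prepare('INSERT INTO users (user_name, user_password, user_email)
                                     VALUES (:username, :password, :email)');
        return $stmt->execute([':username' => $username, ':email' => $email,
                               ':password' => password_hash($password, PASSWORD_DEFAULT)]);
    }
}

// Constructed stand-in: in-memory SQLite so this runs offline; the post's MySQL DSN goes here.
$db = new Database('sqlite::memory:');
$db->getConnection()->exec('CREATE TABLE users (user_name TEXT, user_password TEXT, user_email TEXT)');
$users = new Users($db->getConnection());
$users->register('<b>alice</b>', 'correct horse', 'alice@example.test'); // constructed input

// Prepared statements do not cover XSS: encode stored values when writing them into HTML.
$name = $db->getConnection()->query('SELECT user_name FROM users')->fetchColumn();
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```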