我创建了一个连接到我的数据库并插入一些值的类。它是安全的还是我如何进一步保护注射?在验证之后,对象声明将来自表单中POST的变量ofc。只是想知道这是否安全。
<?php
include "db/db_info.php";
/*$DBServer
$DBUser
$DBPass
$DBName*/
class WorkDB {
private $server;
private $user;
private $pass;
private $name;
private $conn;
public function __construct( $server, $user, $pass, $name ) {
$this->server=$server;
$this->user=$user;
$this->pass=$pass;
$this->name=$name;
}
public function tryconn() {
$this->conn = new mysqli( $this->server, $this->user, $this->pass, $this->name );
if ( $this->conn->connect_error ) {
die( 'Connection Error (' . $this->connconnect_errno . ') '
. $this->conn->connect_error );
}
else echo 'ok';
}
public function query_register( $user, $pass, $email ) {
$stmt = $this->conn->prepare( "INSERT INTO `users` (`username`, `password`, `email`) VALUES (?, ?,?)" );
$stmt->bind_param( "sss", $user, $pass, $email );
$stmt->execute();
$stmt->close();
}
}//end of class
$a=new WorkDB( $DBServer, $DBUser, $DBPass, $DBName );
$a->tryconn();
$a->query_register( 'a', 'b', 'c' );
?>