我使用一个类来创建mysql连接并将链接存储在一个私有变量中,
但是当我在mysql_real_escape_string()中使用链接变量或尝试使用
时is_resource()表示链接不是资源....这是我的类代码从library.php…
class db_system
{
private $link;
private $result;
/*
Constructor connects to database and store in link
*/
public function __construct()
{
$lines = file('../../secret/topsecret');
$this->link = mysqli_connect(trim($lines[0]), trim($lines[1]), trim($lines[2]), trim($lines[3])) or die("Could not connect to " . mysqli_error($this->link));
if(is_resource($this->link))
echo "true";
else
echo "false"; // it always prints false;
}
/*
this method process the query and returns the result od the query
*/
public function sqlquery($query)
{
$this->result = mysqli_query($this->link, $query) or die('query failed ' . mysqli_error($this->link));
}
/*
this method returns the rows in an array form
*/
public function get_data()
{
return mysqli_fetch_array($this->result);
}
/*
destructor closes sql connection if link is active
*/
public function __destruct()
{
if($this->link)
{
mysqli_close($this->link);
}
}
public function getlink()
{
return $this->link;
}
}
include 'library.php';
$view = new db_system(); // connection object made
$per = "%";
$qry = sprintf('SELECT * FROM inventory WHERE description LIKE "%s%s%s"',$per,mysql_real_escape_string($find,$view->getlink()),$per);
//$find是一个要搜索的值,它来自$_GET['find'],存储在$find中,不为空
之后,它说2参数不是mysql_real_escape_string().....中的资源
那么我如何使$link作为资源变量,以便我可以使用mysql_real_escape_string()因为mysqli不使用资源,所以它使用对象:
mysqli mysqli_connect ([ string $host = ini_get("mysqli.default_host") [, string $username = ini_get("mysqli.default_user") [, string $passwd = ini_get("mysqli.default_pw") [, string $dbname = "" [, int $port = ini_get("mysqli.default_port") [, string $socket = ini_get("mysqli.default_socket") ]]]]]] )
表示函数返回类型为mysqli的对象(该行的第一个单词)。
参见http://php.net/manual/en/mysqli.construct.php和http://php.net/manual/en/mysqli.quickstart.dual-interface.php。另请参阅http://php.net/manual/en/mysqli.quickstart.prepared-statements.php了解如何正确转义/参数化查询,而不是使用不相关的mysql_real_escape_string。