你好,你可能会说这个问题已经得到了回答,但相信我,我在问之前已经搜索了所有问题,但仍然很困惑。我正试图将数据库连接变量$conn
传递给一个新文件中的函数,但我不想全局传递,因为这不安全。你能帮我解决问题并解释一下我该怎么做吗?我喜欢学习,不想要免费的代码。到目前为止,以下是我的代码:
以下是连接到数据库的代码:
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
function connecting ($conn) {
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
}
这是我在functions.php文件中登录功能的代码
function login($user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$sql = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$result->bind_param("ss", $user, $password);
$result->execute() or die('Query failed. ');
if ($result->num_rows)
{
$_SESSION['authorized'] = true;
header('Location: '.DIRADMIN);
exit();
}
else
{
$_SESSION['error'] = 'Sorry, wrong username or password';
}
$conn->close();
}
有几种方法和设计模式需要考虑。一种简单的方法是在一个文件中定义数据库连接功能,然后将该文件包含在需要访问数据库的任何页面中。例如:
在文件database.inc.php
:中
<?php
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
?>
然后,对于每个需要数据库连接的页面,执行以下操作:
<?php
require_once '...'database.inc.php';
function login($conn, $user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$stmt = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute() or die('Query failed. ');
....
}
...
?>
根据您的应用程序,您可以选择使用PHP会话变量。目前还不清楚为什么在这样的事情上使用global是特别不安全的。