Problem in mysqli real_escape_string?
Your constructor has a typo and thus will be never called function __contruct(){ replace by function __construct(){.
Your constructor has a typo and thus will be never called. Function __contruct(){ replace by function __construct(){.
Hah what I mistake that I didn't spot after looking at it for some time. – thephpdeveloper Feb 7 '10 at 23:32 lol, that its a downer allways happens to everyone – useless Feb 8 '10 at 1:19 I see i'm debugging this all the time the only problem is the missing 's' I didn't notice that thank you for your help – user239431 Feb 8 '10 at 16:58 @crane01 You're welcome. You can accept the answer using the check mark sign to the left to close it.
– Pekka Feb 8 '10 at 17:04.
Crane, please note: Note: OO syntax only: If a connection fails an object is still returned. To check if the connection failed then use either the mysqli_connect_error() function or the mysqli->connect_error property like in the examples above. That means your "or die(..)" construct will never be executed.
Conn will always be an object but not a "connection object". See de3.php.net/manual/en/mysqli.connect.php for example on how to check for connection errors. Regards aefxx.
The problem is that the $this->conn object hasn't connected to the database. See, in the constructor, the vars $this->host, $this->uname, $this->pass and $this->db are all null (since you haven't set them already, and they aren't static), therefore, no successful connection can be performed. Mysqli's constructor doesn't fail (it returns an object), so the die is never executed, but when attempting to perform any action, it will fail since there is no valid connection opened.
The official way to check for connection errors is to use mysqli_connect_error() (notice that doing $this->conn->connection_error was broken in PHP 5.2.9-5.3.0). You should both make sure the connection parameters are set properly before creating the mysqli object and check properly if the connection succeded.
So, for example, if you are building up a little framework and want to do an insert to a table based on the request URI, it's in your best interest to not take the $_SERVER'REQUEST_URI' value (or any part of it) and directly concatenate that with your query. Instead, you should parse out the portion of the $_SERVER'REQUEST_URI' value that you want, and map that through some kind of function or associative array to a non-user provided value. If the mapping produces no value, you know that something is wrong with the user provided data.
Failing to follow this has been the cause of a number of SQL-injection problems in the Ruby On Rails framework, even though it uses parametric prepared statements. This is how GitHub was hacked at one point. So, no language is immune to this problem.
That's why this is a general best practice and not something specific to PHP and why you should REALLY adopt it. Also, you should still do some kind of validation of the data provided by users, even when using parametric prepared statements. This is because that user-provided data will often become part of some generated HTML, and you want to ensure that the user provided data isn't going to cause security problems in the browser.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.