using mysqli with oop php

Question

this is my connection.php file

<?php

class Connection {

    public $db_host = 'localhost';
    public $db_user = 'root';
    public $db_pass = '';
    public $db_name = 'lybri';

    public function connect() {

        $this->connect_db = new mysqli($this->db_host, $this->db_user, $this->db_pass, $this->db_name);

        if (mysqli_connect_errno()) {
            printf("Connection failed: %s\n", mysqli_connect_error());
            exit();
        }
        return true;
    }

    public function get_connection() {
        return $this->connect_db;
    }

}

$db = new Connection('localhost', 'user', 'pass', 'name');
$db->connect();
$connection = $db->get_connection();

this script is working without any errors.

and when I need to run a mysql query in another file I just include this connection.php file in to that file and doing like this.

mysqli_query($connection, "SELECT * FROM users WHERE username = '$username' AND password = '$hashedPassword' ");

I just need to know, Is this the best practice to do so.

Thank You.

This question appears to be off-topic because it belongs to [Codereview Stackexchange](http://codereview.stackexchange.com/) — Shankar Narayana Damodaran, Mar 22 '14 at 11:59
I would return true or false, instead of the exit(); Everything else is fine if you ask me. — Jo Smo, Mar 22 '14 at 12:00
@ShankarDamodaran - Oops I didn't know about that. can I move this question to codereview ? — Yasitha, Mar 22 '14 at 12:02
I think mods will do it or you can delete it and post a new one there. — Shankar Narayana Damodaran, Mar 22 '14 at 12:02
Btw this has nothing to deal with OOP, a simple global function would have worked the same in your case. — moonwave99, Mar 22 '14 at 12:29

score 2 · Answer 1 · edited May 23 '17 at 12:05

2

Yes it is the best practice and I believe many people include the connection.php like this only (me too).

But what I have to say on this is use mysqli_real_escape_string to prevent mysql injection attack. (not recommended) OR USE PDO/mysqli

Use it like this mysqli_real_escape_string($db,$id) before your query:

$username=mysqli_real_escape_string($db,$username);
$password=mysqli_real_escape_string($db,$password);

edited May 23 '17 at 12:05

Community

1
1

answered Mar 22 '14 at 12:06

ɹɐqʞɐ zoɹǝɟ

4,342
3
22
35

`$username=mysql_real_escape_string($username);` <= no. You meant `$username=mysqli_real_escape_string($db,$username);` OP is using `mysqli_*` – Funk Forty Niner Mar 22 '14 at 12:15
yeah i forgot it,thanks – ɹɐqʞɐ zoɹǝɟ Mar 22 '14 at 12:23
You're welcome. However, you forgot the `i` but I edited your answer to reflect the proper changes. – Funk Forty Niner Mar 22 '14 at 12:27

using mysqli with oop php

1 Answers1