
I made a class that connects to my DB and inserts some values. Is it secure, or how can I protect it further against injection? The arguments passed to the object will come from POST variables submitted by a form, after being validated, of course. I just want to know whether this is secure.

<?php
include "db/db_info.php";
/*$DBServer
$DBUser
$DBPass
$DBName*/
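/**
 * Small wrapper around a mysqli connection that inserts rows into `users`.
 *
 * The constructor only stores the connection settings; tryconn() opens the
 * connection and must be called before query_register().
 */
class WorkDB {
    /** @var mixed Database host handed to mysqli. */
    private $server;
    /** @var mixed Database account name handed to mysqli. */
    private $user;
    /** @var mixed Database account password handed to mysqli. */
    private $pass;
    /** @var mixed Schema (database) name handed to mysqli. */
    private $name;
    /** @var mysqli|null Open connection; null until tryconn() has run. */
    private $conn;

    /**
     * Stores the connection settings without opening a connection.
     *
     * @param mixed $server Database host.
     * @param mixed $user   Database account name.
     * @param mixed $pass   Database account password.
     * @param mixed $name   Schema (database) name.
     */
    public function __construct( $server, $user, $pass, $name ) {
        $this->server = $server;
        $this->user   = $user;
        $this->pass   = $pass;
        $this->name   = $name;
    }

    /**
     * Opens the mysqli connection; prints 'ok' on success and terminates the
     * script with the connection error otherwise.
     */
    public function tryconn() {
        $this->conn = new mysqli( $this->server, $this->user, $this->pass, $this->name );

        if ( $this->conn->connect_error ) {
            // Fixed: the error number was read from the non-existent property
            // $this->connconnect_errno, so the code part of the message was empty.
            // NOTE(review): this text is sent to the HTTP response; driver error
            // details are better written to a server-side log than shown to visitors.
            die( 'Connection Error (' . $this->conn->connect_errno . ') '
                . $this->conn->connect_error );
        }

        echo 'ok';
    }

    /**
     * Inserts one row into `users` through a prepared statement.
     *
     * The three values are bound as string parameters, never concatenated into
     * the SQL text, which is what keeps them from being parsed as SQL.
     *
     * NOTE(review): $pass is stored exactly as received. The caller should pass
     * the result of password_hash(), not the plaintext from the form.
     *
     * @param mixed $user  Value for the `username` column.
     * @param mixed $pass  Value for the `password` column.
     * @param mixed $email Value for the `email` column.
     *
     * @throws RuntimeException When no connection is open, or when preparing or
     *                          executing the statement fails.
     */
    public function query_register( $user, $pass, $email ) {
        // Without this guard a call made before tryconn() dies with an opaque
        // "member function on null" error.
        if ( ! $this->conn instanceof mysqli ) {
            throw new RuntimeException( 'query_register() called before tryconn() opened a connection' );
        }

        $stmt = $this->conn->prepare( "INSERT INTO `users` (`username`, `password`, `email`) VALUES (?, ?,?)" );
        if ( $stmt === false ) {
            // prepare() returns false on failure when mysqli is not in exception mode.
            throw new RuntimeException( 'Could not prepare the user INSERT statement', $this->conn->errno );
        }

        try {
            $stmt->bind_param( "sss", $user, $pass, $email );
            // A failed insert (for example a duplicate key) used to be ignored,
            // leaving the caller to assume the account existed.
            if ( ! $stmt->execute() ) {
                throw new RuntimeException( 'Could not insert the user row', $stmt->errno );
            }
        } finally {
            // Release the statement on success and on failure alike.
            $stmt->close();
        }
    }
}//end of class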


// Demo run: the four $DB* settings are expected to come from db/db_info.php.
// Opens the connection, then inserts one row of placeholder values.
$workDb = new WorkDB( $DBServer, $DBUser, $DBPass, $DBName );
$workDb->tryconn();
$workDb->query_register( 'a', 'b', 'c' );


?>
George Irimiciuc
