0

Here is my DatabaseAccessor class:

<?php
    class DatabaseAccessor 
    {
        public $db;

        public static function set_db($new_db){
           $this->$db = $new_db;
        }

        public function modifyDatabase($query){
            $db->query($query);
        }

        public function readFromDatabase($query){
            $temp = $db->query($query);
            return $temp;
        }
    }
?>

For some reason, it won't work when I try to use it in another file. Here is the file where I'm trying to use it:

<?php
include("/Back-End/DatabaseAccessor.php");
session_start();

$DataBaseAccessor = new DatabaseAccessor();
$temp = new mysqli(getenv('IP'), getenv('C9_USER'), "", "Moneybags", 3306);
$DataBaseAccessor->set_db($temp);

$desiredName = $_POST["username"];
$desiredPassword = $_POST["password"];
$desiredGender = $_POST["gender"];

$query = "INSERT INTO tblUsers (username, password, gender) VALUES ('" . $desiredName . "', '" . $desiredPassword . "', '" . $desiredGender . "')";

try {
    $DataBaseAccessor->modifyDatabase($query);
    $query = "SELECT * FROM tblUsers WHERE username = '" . $desiredName . "' AND password = '" . $desiredPassword . "'";
    $res = $DataBaseAccessor->ReadFromDatabase($query);
    $res->data_seek(0);
    $row = $res->fetch_assoc();

    $_SESSION["LoggedIn"] = true;
    $_SESSION["UserID"] = $row['UserID'];
    $_SESSION["Username"] = $row['username'];
    header("refresh:7;url=index.php");
    echo "Account created!";
    echo "Returning to main page momentarily...";

} 
catch (Exception $e){
  echo "Something went wrong with the account creation...";
  echo "Returning to main page temporarily...";
  header("refresh:7;url=index.php"); 
}
?>

I tried to pass parameters to the DatabaseAccessor object instead, with a constructor inside to set the mysqli parameters as public properties. That didn't work. I know that my queries work because they were working fine when I was just creating new mysqli objects in every class that needed to access the database.

Cœur
  • 37,241
  • 25
  • 195
  • 267
HandleThatError
  • 598
  • 7
  • 29
  • 1
    Just a heads up: You're vulnerable to sql injection at the moment. Since you're using mysqli, start moving to prepared statements instead. Is your `catch` statement engaged, or does nothing happen at all? – Bono Aug 11 '15 at 05:46
  • $DataBaseAccessor->ReadFromDatabase($query) != $DataBaseAccessor->readFromDatabase($query); – kdlcruz Aug 11 '15 at 07:22
  • @Bono It redirects to another php file but it doesn't actually insert anything into the database. – HandleThatError Aug 12 '15 at 01:13
  • @kdlcruz Good catch but that didn't fix the issue. It's still not inserting anything into the table. – HandleThatError Aug 12 '15 at 01:13
  • 1
    Have you turned on error reporting and tried debugging (dumping values) along the code? Use this to turn on error reporting: `error_reporting(E_ALL); ini_set('display_errors', 1);` – Bono Aug 13 '15 at 03:06
  • ... also add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` – Phil Dec 27 '18 at 04:08
  • One issue is that `set_db()` is static yet it tries to access `$this`. You're also trying to call it non-statically. Your other methods should be using `$this->db`, **not** `$db`. Enabling proper error reporting will reveal all this and probably more – Phil Dec 27 '18 at 04:12

0 Answers0