0

I know must coding part of mysql bt new at mysqli. I am not able to execute these insert query to the database. I have searched a lot but couldn't find simple suggestion, or may be i didn't understand.

Undefined variable: mysqli in C:\wamp\www\New folder\php\msqliconnect.php on line 32

Fatal error: Call to a member function mysqli_query() on a non-object in C:\wamp\www\New folder\php\msqliconnect.php on line 32

Any help is appreciated.

<?php
class connection

    {
    public $mysqli;

    function connect()
        {
        $hostname = "localhost";
        $username = "root";
        $password = "";
        $database = "demodatabase";
        $mysqli = new mysqli($hostname, $username, $password, $database);
        /* check connection */
        if (mysqli_connect_errno())
            {
            printf("Connect failed: %s\n", mysqli_connect_error());
            exit();
            }

        return true;
        }
    }

class Index extends connection

    {
    function __construct()
        {
        parent::connect();
        }

    function insertdata($a, $b)
        {

        // echo $a. ' ' .$b;
        // MySqli Insert Query

        $status = 0;
        $insert_row = $mysqli->mysqli_query("INSERT INTO tb_user (id, user, password, status) VALUES('','" . $a . "', '" . $b . "', '')");
        if ($insert_row)
            {
            print 'saved';
            }
          else
            {
            die('Error : (' . $mysqli->errno . ') ' . $mysqli->error);
            }
        }
    }

?>
Krixnaas
  • 71
  • 2
  • 13
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 25 '17 at 18:13
  • @AlexHowansky Not yet ;-) once it fires up, yeah. – Funk Forty Niner Apr 25 '17 at 18:15

1 Answers1

1

In both of your connect() and insertdata() methods, you're using local variable $mysqli, not the instance variable public $mysqli;. You should use $this->mysqli instead of $mysqli in your instance methods. So your connect() and insertdata() methods would be like this:

function connect(){
    $hostname = "localhost";
    $username = "root";
    $password = "";
    $database = "demodatabase";
    $this->mysqli = new mysqli($hostname, $username, $password, $database);
    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    return true;            
}

and 

function insertdata($a, $b){
    $insert_row = $this->mysqli->query("INSERT INTO tb_user (id, user, password, status) VALUES('','".$a."', '".$b."', '')");
    if($insert_row){
        print 'saved'; 
    }else{
        die('Error : ('. $this->mysqli->errno .') '. $this->mysqli->error);
    }
}

Sidenote: Learn about prepared statement because right now your query is susceptible to SQL injection attack. Also see how you can prevent SQL injection in PHP.

Community
  • 1
  • 1
Rajdeep Paul
  • 16,887
  • 3
  • 18
  • 37