-2

I wrote a class for get some information about my client from database (MySQL). as we can see below :

<?php

class Player {

    public $username;
    public $inf;


    public function __construct ($username, $inf){
        $this->username = $username;
        $this->inf = $inf;
    }

    public function getInfuser (){
        include('connectdatabase.php');
        $sql = "SELECT * FROM member WHERE email = '.$this->username.'";
        $result = $conn->query($sql);
        $row = $result->fetch_assoc();

        switch ($this->inf){
            case ('email'):
                $result = $row["email"];
                break;
              case ('playerid'):
                  $result = $row["playerid"];
                  break;
              case ('inviteid'):
                  $result = $row["inviteid"];
                  break;
               case ('hash'):
                 $result = $row["hash"];
                  break;
                default:
                    $result = "Error";
                    break;
        }
        return $result;
    }
}
?>

in the connectdatabase.php page i wrote a connection to connect to my database i tested its work correctly.

and the page that i want to print information from my classes is here :

<?php
include ('classtest.php');

$username = 'chance';
$inf = 'inviteid';
$keyvan = new Player($username, $inf);
echo $keyvan->getInfuser ();
?>

i fixed some syntax error that were there.

[18-Dec-2018 20:14:52 UTC] PHP Parse error:  syntax error, unexpected 'function__construct' (T_STRING), expecting variable (T_VARIABLE) in /home/jokerpoker021/public_html/classtest.php on line 8
[18-Dec-2018 20:14:52 UTC] PHP Parse error:  syntax error, unexpected 'function__construct' (T_STRING), expecting variable (T_VARIABLE) in /home/jokerpoker021/public_html/classtest.php on line 8
[18-Dec-2018 20:14:53 UTC] PHP Parse error:  syntax error, unexpected 'function__construct' (T_STRING), expecting variable (T_VARIABLE) in /home/jokerpoker021/public_html/classtest.php on line 8
[18-Dec-2018 20:16:34 UTC] PHP Fatal error:  Call to a member function query() on null in /home/jokerpoker021/public_html/classtest.php on line 17
[18-Dec-2018 20:16:35 UTC] PHP Fatal error:  Call to a member function query() on null in /home/jokerpoker021/public_html/classtest.php on line 17

now without any error but my information doesnt print and just show a white page and i dont know why. whats the problem with my codes ?

UPDATE : my connecttodatabase.php file :

<?php
$servenm = "localhost";
$usnme = "username";
$passnm = "********";
$dbname = "jokerpok";

// Create connection
$conn = new mysqli($servenm, $usnme, $passnm, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}     
?>
e_i_pi
  • 4,590
  • 4
  • 27
  • 45
Keyvan
  • 17
  • 4
  • You don't need the dots in `'.$this->username.'` (they will be part of the string it searches for) – Nigel Ren Dec 18 '18 at 20:29
  • object `$conn` obviously was never instanced, to begin with. – Martin Zeitler Dec 18 '18 at 20:37
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Dec 18 '18 at 20:47
  • @MartinZeitler how can i define it can you write me a example please – Keyvan Dec 18 '18 at 20:48
  • @RiggsFolly thanks – Keyvan Dec 18 '18 at 20:49
  • 2
    Change code to `$sql = "SELECT * FROM member WHERE email = '{$this->username}'";` Although if the parameters are really collected from POST or GET or use entered values Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Dec 18 '18 at 20:52
  • also see https://stackoverflow.com/questions/2418473/difference-between-require-include-require-once-and-include-once – Martin Zeitler Dec 18 '18 at 20:54

1 Answers1

0

i think u should write :

$sql = "SELECT * FROM member WHERE email = '".$this->username."'";

or :

$sql = "SELECT * FROM member WHERE email = '{$this->username}'";
bg1
  • 54
  • 8
  • I changed but again the same problem just a empty white page without anything. – Keyvan Dec 19 '18 at 06:09
  • @Keyvan are you sure you have a username in your DB with value 'chance' ?? – bg1 Dec 19 '18 at 11:56
  • yes im sure if you want i can give u my user and pass of this acc with a test link – Keyvan Dec 20 '18 at 07:07
  • i can't really help you if i can't acces the code for that the test link will be unuseful – bg1 Dec 21 '18 at 01:21
  • @Keyvan it's not how it works really but i am curious to know what's the problem so give me an acces maybe i can help – bg1 Dec 21 '18 at 23:20