I am using global variables in my function, and after some research I found that this is bad practice in PHP and that I should use dependency injection instead, but I have a problem when changing from globals to dependency injection. What is the problem with my code? Thanks for the help.

update.php (global)

```php
<?php
include 'db_data.php';

class robot {
    public function robotUpdate($conn3) {
        // values are read from the global scope
        global $nasa;
        global $id;
        $r_update = "UPDATE robot_heartbeat SET last_process_id = $id WHERE nasa_id = $nasa";
        $robot_u = $conn3->query($r_update);
    }
}
```

main.php

```php
<?php
include 'db_data.php';
include 'db_sat.php';

$sql = "SELECT * FROM satellite1.show_activity ";
$result = $conn1->query($sql); // get data from db 1

while ($row = $result->fetch_assoc()) {
    $sql2 = "INSERT INTO analysis_data.show_activity SET
            show_activity_id='".$row["id"]."',
            game_show_id='".$row["game_show_id"]."',
            account_id='".$row["account_id"]."',
            account_code='".$row["account_code"]."',
            login_id='".$row["login_id"]."'";
    // separate variable, so the result set being looped over is not overwritten
    $stmt = $conn3->prepare($sql2); // copy data from db1 into db2
    $stmt->execute();
}
$robot_u = new robot();
$nasa = '2';
$id = $row["id"];
$robot_u->robotUpdate($conn3);
```

I tried: update.php (Dependency injection)

```php
<?php
include 'db_data.php';

class robot {
    // values are passed in as arguments instead of being read from globals
    public function robotUpdate($conn3, $nasa, $id) {
        $r_update = "UPDATE robot_heartbeat SET last_process_id = $id WHERE nasa_id = $nasa";
        $robot_u = $conn3->query($r_update);
    }
}
```

main.php (dependency injection)

```php
$robot_u = new robot();
$robot_u->robotUpdate($conn3, $nasa, $id); // call function first
$nasa = '2';  // inject value
$id = $row["id"];
```

C123D
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 17 '21 at 09:18

1 Answer

The value is injected during the function call:

```php
$robot_u->robotUpdate($conn3,$nasa,$id);
```

So swap them around:

```php
$robot_u = new robot();
$nasa = '2';  // inject value
$id = $row["id"];
$robot_u->robotUpdate($conn3,$nasa,$id);
```

That said, I noticed you pass a db connection into the class. If you re-use the same connection over and over in the class, you might want to consider adding a constructor:

```php
// inside the class
function __construct( $db_connection ) {
   $this->db_connection = $db_connection;
}
```

Then create a new instance of the class and pass the db connection there:

```php
$robot_u = new robot( $conn3 );
```

And every time you need your db connection in that class, use `$this->db_connection` instead of passing `$conn3`.

There are lots of free resources about PHP OOP on the internet; I would suggest reading some of them :-)

Erik
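
An added example, not part of the original question or answer: the constructor injection from the answer combined with the prepared statements the comment recommends. It swaps the question's mysqli connection for PDO with an in-memory SQLite database so that it runs without a server; the class name `Robot`, the table layout and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

class Robot
{
    private PDO $db;

    // The connection is injected once instead of being passed to every method.
    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Both values travel as bound parameters and never become part of the SQL text.
    public function robotUpdate(string $nasa, string $id): int
    {
        $stmt = $this->db->prepare(
            'UPDATE robot_heartbeat SET last_process_id = :id WHERE nasa_id = :nasa'
        );
        $stmt->execute([':id' => $id, ':nasa' => $nasa]);
        return $stmt->rowCount(); // number of rows the UPDATE changed
    }
}

// Constructed test database (assumed schema); only the pdo_sqlite extension is needed.
$conn3 = new PDO('sqlite::memory:');
$conn3->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn3->exec('CREATE TABLE robot_heartbeat (nasa_id INTEGER, last_process_id INTEGER)');
$conn3->exec('INSERT INTO robot_heartbeat VALUES (1, 0), (2, 0)');

$robot_u = new Robot($conn3);

// Normal call: set the values first, then pass them in.
$nasa = '2';
$id = '42';
echo $robot_u->robotUpdate($nasa, $id), " row(s) updated\n";

// Constructed non-numeric value: as a bound parameter it is compared as data,
// whereas the concatenated query in the question would run it as part of the SQL.
echo $robot_u->robotUpdate('2 OR 1=1', '99'), " row(s) updated\n";

// Show the final table contents.
foreach ($conn3->query('SELECT nasa_id, last_process_id FROM robot_heartbeat') as $row) {
    echo $row['nasa_id'], ' => ', $row['last_process_id'], "\n";
}
```

With mysqli, as used in the question, the equivalent is `prepare()` with `?` placeholders followed by `bind_param()` and `execute()`.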