www.webdeveloper.com

Thread: Classes and Queries

  1. #1
    Join Date
    Dec 2010
    Posts
    60

    Classes and Queries

    Sorry if this sounds like a noob question. I'm creating my own CMT for a personal website. I want to query the database for the pages in the website for navigation. I'm using ezsql. Let's say the query is this:

    Code:
    $nav=$DB->get_results("SELECT * FROM pages WHERE active='y'");
    How would I put this in a class so I can just reference the class?

    Let's say the class name is topNav.
    MY BLOG:
    HTML Code:
    <a href="http://teststuff.freehostingcloud.com">click here to read my game progress</a>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,326
    PHP Code:
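    class TopNav
    {
      private $DB;

      // Inject the ezSQL connection rather than creating it inside the class
      public function __construct(ezSQL $db)
      {
        $this->DB = $db;
      }

      public function someFunc($active = 'y')
      {
        // Force $active to 'y' or 'n' so no other string can reach the query
        if ($active != 'y') { $active = 'n'; }
        return $this->DB->get_results("SELECT * FROM pages WHERE active='$active'");
      }
    }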

    Usage:
    PHP Code:
    $db = new ezSQL('<whatever its params are>');
    $topNav = new TopNav($db);
    $results = $topNav->someFunc('n');
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Dec 2010
    Posts
    60
    Thank you NogDog, much appreciated!

    Overall, how much more secure is it to do a query using this than just a basic query?
    MY BLOG:
    HTML Code:
    <a href="http://teststuff.freehostingcloud.com">click here to read my game progress</a>

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,326
    I don't think the fact that it's in a class adds any security. Not knowing about ezSQL, the main security concern is how it prevents SQL injection. Does it allow the creation of prepared statements with bound parameters? If not, is there a built-in way to escape external inputs? (I kind of skirted the issue in my example, by forcing the $active variable to be either 'y' or 'n', so that no one could somehow pass a malicious string in.)

    "Little Bobby Tables"
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
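
Added example, not part of the thread and not NogDog's code: the prepared statement with bound parameters that post #4 asks about, combined with the 'y'/'n' allow-list from post #2. It uses PHP's PDO with an in-memory SQLite database as a stand-in for ezSQL; the `pages` columns, the sample rows and the `findByTitle` method are assumptions for illustration, and `findByTitle` goes beyond the thread's case to a free-text value where no allow-list is possible.

```php
<?php
declare(strict_types=1);

final class TopNav
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Fixed vocabulary: reject anything outside the allow-list, then bind it anyway.
    public function pages(string $active = 'y'): array
    {
        if (!in_array($active, ['y', 'n'], true)) {
            throw new InvalidArgumentException('active must be "y" or "n"');
        }
        $stmt = $this->db->prepare('SELECT id, title FROM pages WHERE active = :active');
        $stmt->execute([':active' => $active]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // Free text: the bound value is sent as data and never becomes SQL text.
    public function findByTitle(string $title): array
    {
        $stmt = $this->db->prepare('SELECT id, title FROM pages WHERE title = :title');
        $stmt->execute([':title' => $title]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed sample data (hypothetical schema, not from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, active TEXT)");
$db->exec("INSERT INTO pages (title, active) VALUES ('Home','y'), ('About','y'), ('Drafts','n')");

$nav = new TopNav($db);
$hostile = "x' OR '1'='1"; // constructed input that would change a concatenated query

printf("active pages: %d\n", count($nav->pages('y')));
printf("rows for hostile title: %d\n", count($nav->findByTitle($hostile)));
try {
    $nav->pages($hostile);
} catch (InvalidArgumentException $e) {
    printf("rejected by allow-list: %s\n", $e->getMessage());
}
```

The hostile string is compared against `title` as a literal value, so the quote characters in it have no effect on the statement's structure.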
