www.webdeveloper.com

Thread: Classes and Queries

  1. #1
    Join Date
    Dec 2010
    Posts
    65

    Classes and Queries

    Sorry if this sounds like a noob question. I'm creating my own CMT for a personal website. I want to query the database for the pages in the website for navigation. I'm using ezsql. Let's say the query is this:

    Code:
    $nav=$DB->get_results("SELECT * FROM pages WHERE active='y'");
    How would I put this in a class so I can just reference the class?

    Let's say the class name is topNav.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,295
    PHP Code:
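    class TopNav
    {
      private $DB;

      // Inject the ezSQL connection instead of reaching for a global.
      public function __construct(ezSQL $db)
      {
        $this->DB = $db;
      }

      public function someFunc($active='y')
      {
        // Allow-list: anything other than 'y' is forced to 'n' before it reaches the SQL.
        if($active != 'y') { $active = 'n'; }
        return $this->DB->get_results("SELECT * FROM pages WHERE active='$active'");
      }
    }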

    Usage:
    PHP Code:
    $db = new ezSQL('<whatever its params are>');
    $topNav = new TopNav($db);
    $results = $topNav->someFunc('n');
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  3. #3
    Join Date
    Dec 2010
    Posts
    65
    Thank you NogDog, much appreciated!

    Overall, how much more secure is it to do a query using this than just a basic query?

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,295
    I don't think the fact that it's in a class adds any security. Not knowing about ezSQL, the main security concern is how it prevents SQL injection. Does it allow the creation of prepared statements with bound parameters? If not, is there a built-in way to escape external inputs? (I kind of skirted the issue in my example, by forcing the $active variable to be either 'y' or 'n', so that no one could somehow pass a malicious string in.)

    "Little Bobby Tables"
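The difference between string interpolation and a prepared statement with a bound parameter, as an added example that is not part of the thread and is not ezSQL code. It assumes PDO with the pdo_sqlite extension as a stand-in for ezSQL (the thread leaves open whether ezSQL supports bound parameters); the table layout, the sample rows and the method names `pagesInterpolated` and `pagesBound` are constructed for illustration.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for ezSQL (assumption).
// The table layout and rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, active TEXT)");
$pdo->exec("INSERT INTO pages (title, active) VALUES
            ('Home', 'y'), ('About', 'y'), ('Drafts', 'n')");

class TopNav
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Unsafe pattern: the caller's value becomes part of the SQL text.
    public function pagesInterpolated($active)
    {
        $sql = "SELECT title FROM pages WHERE active='$active'";
        return $this->db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    }

    // Hardened pattern: the SQL text is fixed and the value is sent
    // separately as a bound parameter, so it is only ever compared as data.
    public function pagesBound($active)
    {
        $stmt = $this->db->prepare("SELECT title FROM pages WHERE active = :active");
        $stmt->execute([':active' => $active]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }
}

$nav = new TopNav($pdo);
$hostile = "n' OR '1'='1";   // constructed input containing a quote

// Interpolated: the embedded quote closes the string literal early and the
// rest of the value is parsed as SQL, so the active filter no longer applies.
var_dump($nav->pagesInterpolated($hostile));

// Bound: the whole value is one string operand; it matches no stored value.
var_dump($nav->pagesBound($hostile));
var_dump($nav->pagesBound('y'));
```

With bound parameters the 'y'/'n' allow-list from post #2 is no longer what keeps the query safe, but it is still worth keeping as input validation.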
