1
<?php
class ann {

    public function __construct($context, $orgs_id, $created_at) {
        $this->context = $context;
        $this->orgs_id = $orgs_id;
        $this->created_at = $created_at;
    }

    function create(){
        $createann = mysql_query("INSERT INTO anns(context, orgs_id, created_at) VALUES('$this->context', $this->orgs_id, '$this->created_at'");
        if($createann) echo "Duyuru Başarıyla Eklendi"; else echo "Duyuru Eklenemedi";
    }
    function read($id){
        $readann = mysql_query("SELECT * FROM anns WHERE id = $id");
        $context = mysql_result($readann, 0, "context");
        $orgs_id = mysql_result($readann, 0, "orgs_id");
        $created_at = mysql_result($readann, 0, "created_at");

        $ann = new ann($context, $orgs_id, $created_at);

        return $ann;
    }
    function update($id, $context){
        $updateann = mysql_query("UPDATE anns SET context = '$context' WHERE id = $id");
        if($updateann) echo "Update success"; else echo "Update failed";
    }
    function delete($id){
        $deleteann = mysql_query("DELETE FROM anns WHERE id = $id");
        if($deleteann) echo "Delete success"; else echo "Delete not success";
    }
    // CRUD functions end here
}

?>

There is something wrong with our logic here, but we are very new to PHP. We tried to create Rails-like models, but I think something with our class-object notation is wrong. So the code did not work. We cannot even create any object with it. Thank you guys

3
  • Your code's comment at the bottom removes the closing } for the class. Is this mistake just in the post? Commented Apr 21, 2011 at 14:16
  • Yes, it was just a mistake in the post, thanks for pointing it out. Commented Apr 21, 2011 at 14:19
  • Thanks for the injection warnings, but we are using a filter before the strings arrive at object creation. Commented Apr 21, 2011 at 14:53

3 Answers

1

context, orgs_id and created_at must first be declared as public, private or protected before you use them.

In your create method, you don't filter user input. This may expose your application to SQL injection; you always have to filter user input. Use either mysql_real_escape_string or prepared statements with PDO.

You may check this tutorial.


0

Two things (which maybe only apply to your code sample here):

  1. In your sample, you don't close your class, because the last "}" is commented out.
  2. You never opened a connection to your database, so the query would fail.


0

A few observations:

Declaring the attributes in the constructor is possible, but it's not elegant. I'd rather do:

class ann {
  private $context;
  private $orgs_id;
  private $created_at;
  // constructor and CRUD methods as in the question
}

The "->" operator won't work inside a string. You'll need to concatenate the query:

"INSERT INTO anns(context,orgs_id, created_at) VALUES('".$this->context."',".$this->orgs_id.", '".$this->created_at."')"

But be careful about SQL injection.

The rest should be fine! Good Luck.

2 Comments

You can use object operators inside strings if you wrap them in {}, e.g. "Property value is {$object->property}";
There's also a very good tutorial about good PHP OOP practices here: phpfreaks.com/tutorial/oo-php-part-2-boring-oo-principles
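
The prepared-statement approach with PDO named in the first answer, combined with the declared properties from the third answer, as an added example that is not code from the question or from any answer. It assumes an in-memory SQLite database in place of MySQL, an anns table layout inferred from the question's column names, and a hypothetical checkId helper.

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for MySQL;
// the anns table layout is assumed from the column names in the question.
class Ann {
    private $db;
    public $context, $orgs_id, $created_at;
    public function __construct(PDO $db, $context = null, $orgs_id = null, $created_at = null) {
        $this->db = $db;
        $this->context = $context;
        $this->orgs_id = $orgs_id;
        $this->created_at = $created_at;
    }
    // Values travel as bound parameters, never as part of the SQL text.
    public function create() {
        $stmt = $this->db->prepare(
            'INSERT INTO anns (context, orgs_id, created_at) VALUES (:context, :orgs_id, :created_at)');
        $stmt->execute([':context' => $this->context, ':orgs_id' => $this->orgs_id,
                        ':created_at' => $this->created_at]);
        return (int) $this->db->lastInsertId();
    }
    public function read($id) {
        $stmt = $this->db->prepare('SELECT context, orgs_id, created_at FROM anns WHERE id = :id');
        $stmt->execute([':id' => self::checkId($id)]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? new Ann($this->db, $row['context'], $row['orgs_id'], $row['created_at']) : null;
    }
    public function update($id, $context) {
        $stmt = $this->db->prepare('UPDATE anns SET context = :context WHERE id = :id');
        $stmt->execute([':context' => $context, ':id' => self::checkId($id)]);
        return $stmt->rowCount() === 1;
    }
    // Hypothetical helper: reject anything that is not a plain integer id.
    private static function checkId($id) {
        $valid = filter_var($id, FILTER_VALIDATE_INT);
        if ($valid === false) throw new InvalidArgumentException('id must be an integer');
        return $valid;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE anns (id INTEGER PRIMARY KEY, context TEXT, orgs_id INTEGER, created_at TEXT)');

// Constructed input containing a quote, which breaks the concatenated INSERT.
$text = "Tonight's meeting', 0, ''); --";
$id = (new Ann($db, $text, 7, '2011-04-21 14:16:00'))->create();
var_dump((new Ann($db))->read($id)->context === $text);
try { (new Ann($db))->read('1 OR 1=1'); }
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

The bound parameters make the query safe even if the upstream filter mentioned in the question's comments misses a value, because the text is stored and compared as data rather than parsed as SQL.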
