0

I am currently working on a small project and, for the love of god, I cannot get this PHP class working.

The problem is, doQuery doesn't return anything nor modifies the DB when I type and INSERT or any other command here, always returns false even when called from within the class.

class CONN {

    private $connection;

    public function __construct() {

        $this->connection = new mysqli($address, $user, $pass, $db);
        if ($this->connection->connect_error) {

            // Throw error here
        } else {
            $this->doQuery("SET NAMES 'utf8'");
        }
    }

    public function doQuery($query){

        return $this->connection->query($this->connection->real_escape_string($query));
    }
}

Solved
The real_escape_string escaped even ' and hence the query could not work.

Improve this question
5
  • Instead of returning immediately, query for the error if the result is false and log it. Not enough information here by itself. Commented Mar 6, 2015 at 19:57
  • 2
    You should only use the real_escape_string on variables used inside the SQL query. I think the quotes around the utf8 are getting escaped and as a result the query is invalid. Is there any errors emitted? Commented Mar 6, 2015 at 19:57
  • error_log($query); inside of doQuery() Commented Mar 6, 2015 at 19:59
  • You should consider adding echo $this->connection->error; inside if condition as if($this->connection->error_no){ You will get the exact message if the query fails. You can paste that error here and that can get a clue. Commented Mar 6, 2015 at 20:00
  • error_log outputs 1 Commented Mar 6, 2015 at 20:31

3 Answers 3

Reset to default
2

I don't think your code will ever work like that, the main issue i see is the following piece of code:

$this->connection = new mysqli($address, $user, $pass, $db);

Where do $adress, $user, $pass, $db come from? Maybe you missed your constructor arguments.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I just replaced my info with vars
1

Use real_escape_string only for escaping variables (usually submitted by users) e.g.

$this->doQuery("SELECT * FROM table WHERE something='".$this->connection->real_escape_string($_POST['data'])."'"

do not escape whole query

public function doQuery($query){
    return $this->connection->query($query);
}
Improve this answer

Comments

0

You need to create/provide additional class arguments. When object is created class consructor needs those values to make a connection. So:

class Con
{
    private $address;
    private $username;
    private $password;
    private $database;
    public function __construct($address, $username, $password,$database)
    {
        $this->address = $address;
        $this->username = $username;
        $this->password = $password;
        $this->database = $database;
    }
    public function connect()
    {
        $con = mysqli_connect($this->address, $this->username, $this->password, $this->database);
        return $con;
    }
}


$conobject = new Con("localhost","root","","mybase");
$convar = $conobject->connect();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.