您好,您可能会说这个问题已经得到解答,但请相信我,我在提问之前已经搜索了所有问题,但仍然感到困惑。我正在尝试将数据库连接变量 $conn 传递给新文件中的函数,但我不想在全局范围内执行此操作,因为它不安全。你能帮我解决这个问题并解释一下我该怎么做吗?我喜欢学习,不想要免费代码。到目前为止,这是我的代码:
下面是连接数据库的代码:
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
function connecting ($conn) {
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
}
这是我在 functions.php 文件中的登录功能代码
function login($user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$sql = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$result->bind_param("ss", $user, $password);
$result->execute() or die('Query failed. ');
if ($result->num_rows)
{
$_SESSION['authorized'] = true;
header('Location: '.DIRADMIN);
exit();
}
else
{
$_SESSION['error'] = 'Sorry, wrong username or password';
}
$conn->close();
}
最佳答案
有多种方法和设计模式可供考虑。一种简单的方法是在单个文件中定义数据库连接功能,然后将该文件包含在需要访问数据库的任何页面中。例如:
在文件 database.inc.php 中:
<?php
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','my_cms');
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if(mysqli_connect_error())
{
die( "Sorry! Can't connect to the database." . mysqli_connect_error());
}
?>
然后对于每个需要数据库连接的页面,执行以下操作:
<?php
require_once '...\database.inc.php';
function login($conn, $user, $pass)
{
$user = $conn->real_escape_string($user);
$pass = $conn->real_escape_string($pass);
$password = md5($pass);
$stmt = $conn->prepare("SELECT * FROM members WHERE username = ? AND password=?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute() or die('Query failed. ');
....
}
...
?>
关于php - 如何安全地将数据库连接变量传递到新页面?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36512611/