API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 13th, 2017
89
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.85 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. * Created on Feb 19, 2008
  4. *
  5. * A class encapsulating all the database manipulation required
  6. */
  7.  
  8. class MyDb {
  9. private $db; // The database handle
  10. // Our database uri. Add a password after the username
  11. const USER = 'ianw';
  12. const PASSWORD = 'REDACTED';
  13. const HOST = 'sql.rn.informatics.scitech.sussex.ac.uk';
  14. const DATABASE = 'musicChoice';
  15.  
  16. // The constructor, which generates a connection to the database
  17. function __construct() {
  18. // Connect...
  19. $this->db = new mysqli(MyDb::HOST,MyDb::USER,MyDb::PASSWORD,MyDb::DATABASE);
  20. // Whinge if we cannot connect
  21. if(!$this->db) {
  22. die("cannot connect: " . mysql_error());
  23. }
  24. // All errors in database connectivity will cause application death
  25. //$this->db->setErrorHandling(PEAR_ERROR_DIE);
  26. // $this->db->setFetchMode (DB_FETCHMODE_ASSOC);
  27. }
  28. // See if the user and password are correct, and if so return the id and password
  29. function checkUser($user, $password) {
  30. // Use statement preparation to check against sql injection
  31. $stmt = $this->db->prepare('SELECT id,password from users where user = ?');
  32. // bind parameters for markers
  33. $stmt->bind_param("s", $user);
  34. // bind results to output variable
  35. $stmt->bind_result($userId,$passwd);
  36. // execute query
  37. $stmt->execute();
  38. // We expect users to be unique
  39. if($stmt->fetch()) {
  40. // Notice that we 'crypt' the password before comparing
  41. if(crypt($password,$passwd) == $passwd) {
  42. return $userId;
  43. }
  44. }
  45. return false;
  46. }
  47.  
  48. // Does the user exist?
  49. function isUser($user) {
  50. // Use statement preparation to check against sql injection
  51. $stmt = $this->db->prepare('SELECT id from users where user = ?')
  52. ;
  53. // bind parameters for markers
  54. $stmt->bind_param("s", $user);
  55. // bind results to output variable
  56. $stmt->bind_result($userId);
  57. // execute query
  58. $stmt->execute();
  59. // We expect users to be unique
  60.  
  61. $userRow = $stmt->fetch();
  62. return $userRow;
  63. }
  64.  
  65. // Add the user with the given password
  66. function addUser($user, $password) {
  67. // Use statement preparation to check against sql injection
  68. $stmt = $this->db->prepare('INSERT INTO users (user, password) VALUES (?,?)');
  69. // bind parameters for markers
  70. $stmt->bind_param("ss", $user,crypt($password));
  71. // execute query
  72. $stmt->execute();
  73. // return the userId
  74. return $this->checkUser($user,$password);
  75. }
  76.  
  77. // Add an element description
  78. function addElement($element) {
  79. // Use statement preparation to check against sql injection
  80. $stmt = $this->db->prepare('INSERT INTO elements (description) VALUES (?)');
  81. // bind parameters for markers
  82. $stmt->bind_param("s", $element);
  83. // execute query
  84. $stmt->execute();
  85. }
  86.  
  87. // Add a link between a user and an element
  88. function addFavourite($userId,$elementId) {
  89.  
  90. // Use statement preparation to check against sql injection
  91. $stmt = $this->db->prepare('INSERT INTO favourites (userId, elementId) VALUES (?,?)');
  92. // bind parameters as integers for markers
  93. $stmt->bind_param("ii", $userId,$elementId);
  94. // execute query
  95. $stmt->execute();
  96.  
  97. }
  98.  
  99. // Return the favourites of the given user as array of id=>description
  100. function findFavourites($userId) {
  101. // Use statement preparation to check against sql injection
  102. $stmt = $this->db->prepare('SELECT favourites.id,description FROM favourites,elements WHERE favourites.userId = ? AND favourites.elementId = elements.id');
  103. // bind parameters for markers
  104. $stmt->bind_param("i", $userId);
  105. // bind results to output variable
  106. $stmt->bind_result($favouriteId,$description);
  107. // execute query
  108. $stmt->execute();
  109. $favourites = array();
  110. while($stmt->fetch()) {
  111. $favourites[] = array('id' => $favouriteId,'description' => $description);
  112. }
  113. return $favourites;
  114. }
  115.  
  116. // Return the elements as array of id=>description
  117. function getElements() {
  118. // No input data, so we'll execute the statement directly
  119. $result = $this->db->query('SELECT id,description FROM elements');
  120. $elements = array();
  121. while($e = $result->fetch_object()) {
  122. $elements[] = $e;
  123. }
  124. return $elements;
  125.  
  126. }
  127.  
  128. // Delete the given user record
  129. function deleteFavourite($id) {
  130. // Use statement preparation to check against sql injection
  131. $stmt = $this->db->prepare('DELETE FROM favourites WHERE id = ?');
  132. // bind parameters for markers
  133. $stmt->bind_param("i", $id);
  134. // execute query
  135. $stmt->execute();
  136. }
  137. }
  138.  
  139. // provide access to the database
  140. $GLOBALS['myDb'] = new MyDb();
  141. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!