1 
<?
session_start();
class DB_MSSQL {
  protected $Host;
  protected $Database;
  protected $User;
  protected $Password;
  protected $Link_ID  = 0;
  protected $Query_ID = 0;
  protected $Record   = array();
  protected $Row      = 0;
  protected $Errno    = 0;
  protected $Error    = "";
  protected $Halt_On_Error = "yes";
  protected $Auto_Free = 1;     
  protected $PConnect  = 0;
    function _construct(){
   $this->Host = $_SESSION['SQLIP'];
     $this->Database = $_SESSION['SQLDB'];
     $this->User = $_SESSION['SQLUSER'];
     $this->Password = $_SESSION['SQLPASS'];
  }

  function DB_MSSQL($query = "") {
    if($query) {
      $this->query($query);
    }
  }
  function connect() {
    if ( 0 == $this->Link_ID ) {
      if(!$this->PConnect) {
        $this->Link_ID = mssql_connect($this->Host, $this->User, $this->Password);
      } else {
        $this->Link_ID = mssql_pconnect($this->Host, $this->User, $this->Password);
      }
      if (!$this->Link_ID)
        $this->connect_failed("connect ($this->Host, $this->User, \$Password) failed");
      else
        if (!mssql_select_db($this->Database, $this->Link_ID)) {
          $this->connect_failed("cannot use database ".$this->Database);
        }
    }
  }
  function connect_failed($message) {
    $this->Halt_On_Error = "yes";
    $this->halt($message);
  }

  function free_result(){
      mssql_free_result($this->Query_ID);
    $this->Query_ID = 0;
  }

  function query($Query_String) 
  {

    /* No empty queries, please, since PHP4 chokes on them. */
    if ($Query_String == "")
      /* The empty query string is passed on from the constructor,
       * when calling the class without a query, e.g. in situations
       * like these: '$db = new DB_Sql_Subclass;'
       */
      return 0;

    if (!$this->Link_ID)
        $this->connect();
//    printf("<br>Debug: query = %s<br>\n", $Query_String);

    $this->Query_ID = mssql_query($Query_String, $this->Link_ID);
    $this->Row = 0;
    if (!$this->Query_ID) {
      $this->Errno = 1;
      $this->Error = "General Error (The MSSQL interface cannot return detailed error messages).";
      $this->halt("Invalid SQL: ");
    }
    return $this->Query_ID;
  }

  function next_record() {

    if ($this->Record = mssql_fetch_row($this->Query_ID)) {
      // add to Record[<key>]
      $count = mssql_num_fields($this->Query_ID);
      for ($i=0; $i<$count; $i++){
        $fieldinfo = mssql_fetch_field($this->Query_ID,$i);
        $this->Record[strtolower($fieldinfo->name)] = $this->Record[$i];
      }
      $this->Row += 1;
      $stat = 1;
    } else {
      if ($this->Auto_Free) {
            $this->free_result();
        }
      $stat = 0;
    }
    return $stat;
  }

  function seek($pos) {
        mssql_data_seek($this->Query_ID,$pos);
    $this->Row = $pos;
  }

  function metadata($table) {
    $count = 0;
    $id    = 0;
    $res   = array();

    $this->connect();
    $id = mssql_query("select * from $table", $this->Link_ID);
    if (!$id) {
      $this->Errno = 1;
      $this->Error = "General Error (The MSSQL interface cannot return detailed error messages).";
      $this->halt("Metadata query failed.");
    }
    $count = mssql_num_fields($id);

    for ($i=0; $i<$count; $i++) {
        $info = mssql_fetch_field($id, $i);
      $res[$i]["table"] = $table;
      $res[$i]["name"]  = $info->name;
      $res[$i]["len"]   = $info->max_length;
      $res[$i]["flags"] = $info->numeric;
    }
    $this->free_result();
    return $res;
  }

  function affected_rows() {
// Not a supported function in PHP3/4.  Chris Johnson, 16May2001.
//    return mssql_affected_rows($this->Query_ID);
    $rsRows = mssql_query("Select @@rowcount as rows", $this->Link_ID);
    if ($rsRows) {       
       return mssql_result($rsRows, 0, "rows");
    }
  }

  function num_rows() {
    return mssql_num_rows($this->Query_ID);
  }

  function num_fields() {
    return mssql_num_fields($this->Query_ID);
  }

  function nf() {
    return $this->num_rows();
  }

  function np() {
    print $this->num_rows();
  }

  function f($Field_Name) {
    return $this->Record[strtolower($Field_Name)];
  }

  function p($Field_Name) {
    print $this->f($Field_Name);
  }

  function halt($msg) {
    if ("no" == $this->Halt_On_Error)
      return;

    $this->haltmsg($msg);

    if ("report" != $this->Halt_On_Error)
      die("Session halted.");
  }

  function haltmsg($msg) {
    printf("<p>Server have a critical error!<br><br><br>We are very sorry for any inconvenience!<br><br>\n", $msg);
    printf("<b>MSSQL Error</b>: %s (%s)</p>\n",
      $this->Errno,
      $this->Error);
  }
}
?>

Faild to connect.. if i put $Host;$Database;$User;$Password; manually is work fine. but with constructor can't connect. ($_SESSION have correct value)

But i don't know how to echo $obj->Host,Password,user,etc.

Improve this question
2
  • 2
    And what happens if this variable ($_SESSION['SQLIP']) changes? Trust in global state is bad. Commented May 6, 2013 at 12:16
  • Still the same issue. The other thing is that when you are storing the database credentials in your session state then the PHP by default will write it on the system hard drive the full session data including your credetnials which is a vulnerability. Make a constructior which accepts 4 parameters and inject them into it a different way (not from session). Commented May 6, 2013 at 15:39

2 Answers 2

Reset to default
5

You can assigning session value like below in class constructor,

class Foo {
    public $Host;
    public function __construct() {
        $this->Host = $_SESSION['SQLIP'];
    }
}

Prefer use public keyword instead of var for declaring a variable.

Note: The PHP 4 method of declaring a variable with the var keyword is still supported for compatibility reasons (as a synonym for the public keyword). In PHP 5 before 5.1.3, its usage would generate an E_STRICT warning.

http://www.php.net/manual/en/language.oop5.visibility.php

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You cannot assign value to class variable directly. Assign value to variable inside class constructor.

class DB_MSSQL {
    public $Host;

    function __construct(){
        $this->Host = $_SESSION['SQLIP'];
    }
}

find my below edited ans for your problem

class DB_MSSQL {
  public $Host;
  public $Database;
  public $User;
  public $Password;

  public $Link_ID;
  public $PConnect;

    function _construct(){
        $this->Host = $_SESSION['SQLIP'];
        $this->Database = $_SESSION['SQLDB'];
        $this->User = $_SESSION['SQLUSER'];
        $this->Password = $_SESSION['SQLPASS'];
    }


  function connect() {
    if ( 0 == $this->Link_ID ) {
      if(!$this->PConnect) {
        $this->Link_ID = mssql_connect($this->Host, $this->User, $this->Password);
      } else {
        $this->Link_ID = mssql_pconnect($this->Host, $this->User, $this->Password);
      }
      if (!$this->Link_ID)
        $this->connect_failed("connect ($this->Host, $this->User, \$Password) failed");
      else
        if (!mssql_select_db($this->Database, $this->Link_ID)) {
          $this->connect_failed("cannot use database ".$this->Database);
        }
    }
  }

But its better to use protected instead of public for db variables

Improve this answer

8 Comments

can you give me a example please?
'var' is an outdated way of declaring variables (php 4)
How i can echo $this->Host = $_SESSION['SQLIP']; to view if have the correct value?
You can put echo inside constructor or echo object variable $obj->Host .
below code shows the object of your class. Give a try $obj = new DB_MSSQL(); echo $obj->Host; echo $obj->User ; echo $obj->Password ; $obj->connect();
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.