
I am creating a simple login feature in PHP for my website. I tried everything before and it worked well; then I decided to reorganize my files by grouping all my functions together in one file, my database settings and connection in another file, and my session configuration (for running on my localhost) in yet another file.

The point of doing this is simply to keep my code clean, organized and easy for me to understand in the future.

This is my login page:

<?php
    include('session-config.php');
    include('dbconnection.php');
    include('functions.php');
    include('password_hash_lib/password.php');

    if (isset($_POST['data']))
    {
        $data = $_POST['data'];
        $auth = json_decode($data);
        $user_email = $auth->Email;
        $user_pass = $auth->Password;
        authenticate($user_email, $user_pass);
    }

    function authenticate($Email, $Password)
    {
        $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);
        $sql = "SELECT * FROM app_users WHERE user_email='$Email'";
        $result = $db->query($sql);
        $User = $result->fetch_object();

        if ($User->user_email == '')
        {
            header("Location: login-page.html?msg=failed");
            exit; // stop here; without exit the script keeps running after sending the redirect header
        }

        if (password_verify($Password, $User->user_password_hash))
        {
            $_SESSION["user_auth_details"] = $User->user_id . "+" . $User->user_email . '+' . $User->user_name . "+" . $User->user_display_image . "+" . $User->user_display_name;
            header("Location:" . $_SESSION['page_url']);
            exit;
        }
        else {
            header("Location: login-page.html?msg=failed");
            exit;
        }
    }

?>

And this is my database connection file:

<?php
    $db = new mysqli("xxxxxxxxxxxxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxx");
    if($db->connect_errno > 0){
        die('Unable to connect to database [' . $db->connect_error . ']');
    }
?>

As you can see, I have included the dbconnection.php file in my login.php, but whenever I try to call the authenticate() function this error is returned:

Notice: Undefined variable: db in C:\xampp\htdocs\xxxxxxxx\login.php on line 27

Fatal error: Call to a member function query() on a non-object in C:\xampp\htdocs\xxxxxxx\login.php on line 27

Now I'm a bit confused about this, since I have $db defined in my dbconnection.php file and I have included that file in my login.php page. I expected that to work, or am I wrong?

  • Your code is vulnerable to SQL injection. Commented Dec 26, 2013 at 15:44
  • You haven't instantiated $db. Commented Dec 26, 2013 at 15:45
  • You're calling $db from inside authenticate(), so it needs to be declared as global: global $db; Commented Dec 26, 2013 at 15:45
  • Please, I would like to know in what way my code is vulnerable to SQL injection? Commented Dec 26, 2013 at 15:53
  • "Please, I would like to know in what way my code is vulnerable to SQL injection?" --- You can have a read at this => stackoverflow.com/questions/60174/… Commented Dec 26, 2013 at 15:54

2 Answers

You have to globalize the variable before using it in a function.
Just add this line at the top of your function:

function authenticate($Email, $Password)
{
    global $db;
    $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);
    $sql = "SELECT * FROM app_users WHERE user_email='$Email'";
    $result = $db->query($sql);
    $User = $result->fetch_object();
    ...

4 Comments

Or arguably better: pass it in as a parameter.
But what about the dbconnection.php file? Do I globalize the variable there too?
No. Globalizing is only required in a different scope, like a function. I mean, when you are trying to use a variable in another scope (like a function), you have to globalize it.
global means "please find the $db variable OUTSIDE of this function as well".

Add global $db; to the beginning of your authenticate function.

However, I strongly recommend you learn about PDO: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Your code is currently unsafe.
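As an added example (not code from either answer or from the question), here is the authenticate() logic rewritten along the lines both answers suggest: the connection is passed in as a parameter instead of pulled in with global, and the lookup is a PDO prepared statement so the email is bound as data rather than spliced into the SQL string. To run stand-alone it uses an in-memory SQLite database (assumed available via the pdo_sqlite extension) seeded with one constructed user; the table and column names follow the question's app_users query, and in a real deployment the PDO object would come from dbconnection.php with a MySQL DSN.

```php
<?php
// Added example: connection injected as a parameter, query parameterised with PDO.
// Uses an in-memory SQLite database so the script runs without a MySQL server.

function authenticate(PDO $db, string $email, string $password): ?array
{
    // The email travels separately from the SQL text, so quotes or SQL
    // keywords inside it cannot change the structure of the query.
    $stmt = $db->prepare(
        'SELECT user_id, user_email, user_password_hash FROM app_users WHERE user_email = ?'
    );
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() compares the submitted password with the stored hash.
    // Re-hashing the input with password_hash() (as the question does) produces a
    // fresh salt each time and is never comparable to the stored value.
    if ($user === false || !password_verify($password, $user['user_password_hash'])) {
        return null; // caller redirects to login-page.html?msg=failed
    }
    unset($user['user_password_hash']); // never carry the hash into the session
    return $user;
}

// --- constructed fixture standing in for dbconnection.php ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE app_users (user_id INTEGER PRIMARY KEY, user_email TEXT, user_password_hash TEXT)');
$seed = $db->prepare('INSERT INTO app_users (user_email, user_password_hash) VALUES (?, ?)');
$seed->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Correct credentials: returns the user row without the hash.
var_dump(authenticate($db, 'alice@example.com', 'correct horse'));
// Wrong password: null, same as an unknown email.
var_dump(authenticate($db, 'alice@example.com', 'wrong password'));
// An email containing SQL metacharacters is just a string that matches nobody.
var_dump(authenticate($db, "alice@example.com' OR '1'='1", 'correct horse'));
```

The caller keeps the header()/exit redirect logic from the question; the function only decides whether the login succeeded and what to store in the session.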
