I have follow two classes
class A
{
....
protected $arr = array('game_id','pl_id');
...
}
class B extends A
{
//for example here add method
private function add_to_DB()
{
$query = "INSERT INTO TABLE(game_id,player_id)
VALUES(????,????)"; //Here is my question,what I must to write??
mysql_query($query);
}
}
I try to write ..VALUES(\"$this->arr[game_id]\",\"$this->arr[pl_id]\")", or
VALUES(".$this->arr[game_id].",".$this->arr[pl_id].")"
,but its does not working.
Thanks for any advise
I think I found another solution of my question. in my A class I must to have _set and _ get methods.
class A { .... protected arr = array('game_i开发者_C百科d'=>NULL,'pl_id'=>NULL); function __set($property, $value)
{
if (array_key_exists($property, $this->arr)) {
$this->arr[$property] = $value;
} else {
print "Error: Can't write a property other than x & y\n";
}
}
function __get($property)
{
if (array_key_exists($property, $this->arr)) {
return $this->arr[$property];
} else {
print "ERROR: write correct property";
}
}
...
}
And after this in class B I can write the follow
private function add_to_DB()
{ $query = "INSERT INTO TABLE(game_id,player_id) VALUES(\"$this->game_id\",\"$this->pl_id\")"; //Here WAS my question mysql_query($query); }Thanks for your advise
The best solution would be use PDO_MySQL so you could prepare and execute queries with parameters. Then you wouldn't have to worry about quotes at all. It's as simple as this:
$stmt = $pdo->prepare("INSERT INTO TABLE (game_id, player_id)
VALUES (:game_id, :pl_id)");
$stmt->execute($this->arr);
The plain MySQL extension for PHP doesn't support parameters in SQL queries. If you must continue to use that API, you should at least use some technique to protect against SQL Injection. For example, if they're integers, then coercion to int:
$g = (int) $this->arr["game_id"];
$p = (int) $this->arr["pl_id"];
$query = "INSERT INTO TABLE(game_id,player_id) VALUES({$g}, {$p})";
mysql_query($query);
If they're strings, you must escape the values using the provided function:
$g = mysql_real_escape_string($this->arr["game_id"]);
$p = mysql_real_escape_string($this->arr["pl_id"]);
$query = "INSERT INTO TABLE(game_id,player_id) VALUES('{$g}', '{$p}')";
mysql_query($query);
Also remember to quote your array keys or else they'll be interpreted as PHP constants, not strings.
Just use a sprintf as its better for readability and typecasting
$query = "INSERT INTO TABLE(game_id,player_id) VALUES('%d','%d')";
$query = sprintf($query,$this->arr['game_id'],$this->arr['pl_id']);
mysql_query($query);
Look up the manual on what you should use and how to use sprintf, %d is for a digit / integer, %s is for string, if you use string you must also make sure your using mysql_eral_escape_string on the value to prevent SQL Injection
re looking at your question I think your on about extending objects and so on so let me just show you this example?
class FirstClass
{
protected $var = "FirstClass";
}
if you extend the class like so:
class SecondClass extends FirstClass
{
public function aMethod()
{
echo $this->var;
}
}
this would echo the string from the class, but if i was to do the following
class ThirdClass extends FirstClass
{
protected $var = "ThirdClass";
public function aMethod()
{
echo $this->var;
}
}
This would echo ThirdClass because you have overwritten the first variable, so as long as you do not overwrite the variable in the parent class you can just use $this like it was a member of your child class
Try
$query = "INSERT INTO TABLE(game_id,player_id)
VALUES('".$this->arr[0]."','".$this->arr[1]."')";
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论