you already had the answer to this problem. do try to read the error message properly.
a 'non object' is quite clear - if in doubt about what something is or something
should be use var_dump() or print_r() to output the variable in question (e.g. $DB, which
you would have seen was NULL).
now for some tips ...
nihilism machine schreef:
I amn trying to use my db class in my auth class, but i get the error:
call to a member function select() on a non object
<?php
class db {
// Members
private $db_user = "mydbuser";
private $db_pass = "mypassword";
private $db_name = "mydb";
private $db_server = "myhost.com";
don't store these in the class - it makes the class usable
only for 1 explicit project/DB, and classes are supposed to
be reusable.
instead pass in these connection parameters to the constructor
(or something similar)
private $link;
private $result_id;
// Methods
public function __construct() {
$this->connect();
}
// Connect to MySQL Server
private function connect() {
$this->link =
mysql_connect($this->db_server,$this->db_user,$this->db_pass) or
die("ERROR - Cannot Connect to DataBase");
mysql_select_db($this->db_name,$this->link) or die("ERROR:
Cannot Select Database (" . $this->db_name . ")");
the 'or die("bla bla");' type of error handling is rubbish, you can
use it for simple/throw-away scripts but when your writing a class
you should make the error handling much more flexible and leave it
up to the code that uses the class to decide how to handle the
error. with the die() statement the consumer of the class has no choice
about what to do if a connection error occurs.
}
// Disconnect from MySQL Server
private function disconnect() {
mysql_close($this->link);
}
// MySQL Select
public function select($sql) {
$this->result_id = $this->query($sql);
if($this->result_id){
$rows = $this->fetch_rows();
}
return $rows;
your returning $rows even if it was not created, this gives you an
E_NOTICE error when you don't get a result id back.
}
// Insert into MySQL
public function insert($params) {
extract($params);
I wouldn't use extract, also your not doing any input parameter checking here.
$sql = 'INSERT INTO '.$table.' ('.$fields.') VALUES ('.$values.')';
the preceding line has SQL injection potential written all over it.
$this->query($sql);
if($this->result_id){
$affected_rows = $this->affected_rows();
}
return $affected_rows;
}
// Delete from MySQL
public function delete($params) {
extract($params);
$sql = 'DELETE FROM '.$table.' WHERE '.$where;
if (is_numeric($limit)) {
$sql .= ' LIMIT '.$limit;
}
$this->query($sql);
if($this->result_id){
$affected_rows = $this->affected_rows();
}
return $affected_rows;
}
// Update MySQL
public function update($params) {
extract($params);
$sql = 'UPDATE '.$table.' SET '.$values.' WHERE '.$where;
if(is_numeric($limit)){
$sql .= ' LIMIT '.$limit;
}
$this->query($sql);
if($this->result_id){
$affected_rows = $this->affected_rows();
}
return $affected_rows;
}
// MySQL Query
private function query($sql) {
$this->result_id = mysql_query($sql);
return $this->fetch_rows();
}
// MySQL Fetch Rows
private function fetch_rows() {
$rows = array();
if($this->result_id){
while($row = mysql_fetch_object($this->result_id)){
$rows[] = $row;
}
}
return $rows;
}
// MySQL Affected Rows
private function affected_rows() {
return mysql_affected_rows($this->link);
}
// MySQL Affected Rows
private function num_rows() {
return mysql_num_rows($this->link);
}
// MySQL Affected Rows
private function select_id() {
return mysql_insert_id($this->link);
}
// Destruct!
public function __destruct() {
$this->disconnect();
}
}
?>
<?php
require_once("db.class.php");
class auth {
public $DB;
public $UserID;
public $AdminLevel;
public $FirstName;
public $LastName;
public $DateAdded;
public $MobileTelephone;
public $LandLineTelephone;
public members suck.
// Connect to the database
public function __construct() {
$DB = new db();
how many objects will be using a DB connection? will each one be
using a new copy? consider passing in a DB object, that way your
saving having to create one each time.
}
// Attempt to login a user
public function CheckValidUser($Email, $Password) {
$PasswordEncoded = $this->encode($Password);
$rows = $DB->select("SELECT * Users WHERE Email='$Email', AND
Password='$PasswordEncoded'");
again SQL injection potential, at the very least you should be
using mysql_real_escape_string();
if ($DB->num_rows > 0) {
$this->UserID = $row['ID'];
$this->AdminLevel = $row['Admin_Level'];
$this->FirstName = $row['First_Name'];
$this->LastName = $row['Last_Name'];
$this->DateAdded = $row['Date_Added'];
$this->MobileTelephone = $row['Telephone_Mobile'];
$this->LandLineTelephone = $row['Telephone_Land_Line'];
// User info stored in Sessions
session_start();
$_SESSION['Status'] = "loggedIn";
$_SESSION['ID'] = $row['ID'];
$_SESSION['Email'] = $row['Email'];
$_SESSION['AdminLevel'] = $row['Admin_Level'];
$_SESSION['LandLine'] = $row['Telephone_Land_Line'];
$_SESSION['MobileTelephone'] = $row['Telephone_Mobile'];
$_SESSION['FirstName'] = $row['First_Name'];
$_SESSION['LastName'] = $row['Last_Name'];
here your only storing the values in the Auth object during the request
that the check for a valid user is done. subsequent requests will have
no values for Auth->UserID (et al). which begs the question: why bother to
have these member properties at all?
} else {
return false;
}
}
public function encode($str) {
return md5(base64_encode($str));
}
}
?>
<?php
$myauth = new auth();
$x = $myauth->CheckValidUser("test@xxxxxxxx", "password");
echo $x;
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
