代码:
致命错误:无法在代码第47行重新分配自动全局变量_POST。
第47行是:
public function add_status($user_id, $_POST)
<?php
require_once('class-db.php');
if ( !class_exists('INSERT') ) {
class INSERT
{
public function update_user($user_id, $postdata)
{
global $db;
$table = 's_users';
$query = "
UPDATE $table
SET user_email='$postdata[user_email]', user_pass='$postdata[user_pass]', user_nicename='$postdata[user_nicename]'
WHERE ID=$user_id
";
return $db->update($query);
}
public function add_friend($user_id, $friend_id)
{
global $db;
$table = 's_friends';
$query = "
INSERT INTO $table (user_id, friend_id)
VALUES ('$user_id', '$friend_id')
";
return $db->insert($query);
}
$insert = new INSERT;
?>
见解吗?谢谢:)
澄清一下@Nasir所说的,$_POST是一个超全局变量,所以你不能这样声明它。你只需声明一个常规变量并传递$_POST
public function add_status($user_id, $array)
{
// This will print whatever array you pass
print_r($array);
}
所以使用:
$insert = new INSERT();
$insert->add_status(123, $_POST);
注释:
你可以帮助自己注入数据库,而不是使用
global $db;:
class Insert
{
private $db;
public function __construct($db)
{
$this->db = $db;
}
public function update_user($user_id, $postdata)
{
$table = 's_users';
$query = "
UPDATE $table
SET user_email='$postdata[user_email]', user_pass='$postdata[user_pass]', user_nicename='$postdata[user_nicename]'
WHERE ID=$user_id
";
return $this->db->query($query);
}
}
// Insert the $db into the class
$insert = new Insert($db);
不要在sql中添加变量。使用绑定参数:
// Use ? here
$sql = "UPDATE `s_friends`
SET `user_email` = ?, `user_pass` = ?, `user_nicename` = ?
WHERE `ID` = ?";
// I am using PDO (if you use mysqli, look at bind param for that interface)
$query = $this->db->prepare($sql);
$query->execute(array($postdata['user_email'],$postdata['user_pass'],$postdata['user_nicename'],$user_id));
不要使用明文密码。您应该使用散列:
// Hash the password, then store that instead
$password = password_hash($postdata['user_pass'], PASSWORD_DEFAULT);
// Use password_verify() to match the password
使用类自动加载
与其使用if ( !class_exists('INSERT') ) {,不如考虑使用spl_autoload_register()的类自动加载