Is there any Secure PHP Database Connection Class 2016?

Question

Currently I'm working with a PHP Database Connection Class that is in one single file with a Construct and every time I need this connection, I instanciate the class and the Construct creates the connection with only having to modify the User, Password, DBname and Host. It works fine, I haven't face any problems with this Class although I want to start taking security seriously in my web applications, I've been looking for a way to implement security(SQL Inj, XSS, DoS, etc.) and use updated functions, prepared statements, escaping, etc. My problem is that I haven't found a single answer about this exactly because I don't call the "mysqli_connect" function in the index.php I just create the object for the Connection Class and use it. Class:

<?php
    class Connection {
     private $connection;

     private $host='localhost';
     private $user='user';
     private $pass='pass';
     private $database='dbname';
     private $n=0;

    function __construct() {
        $this->connection = mysqli_connect($this->host, $this->user, $this->pass, $this->database);

        mysqli_query($this->connection,"SET NAMES 'utf8'");
    }

    function sql($sql) {
        if (is_array($sql)) {
            foreach ($sql as $s) {
                $res = mysql_query($s);
                if (mysql_errno()) echo mysql_error().'<br>';
                $this->n++;
            }
        } else {
            $res = mysqli_query($this->connection,$sql);
            if (mysql_errno()) echo mysql_error().'<br>';
            $this->n++;
        }
        return $res;
    }

    function __destruct() {
        if (is_resource($this->connection) )
        mysql_close($this->connection);
    }

    function getLink() {
        return $this->connection;
    }
}

So if I want to Create, Read, Update, Delete Something I do this:
In another file: User.php (Which i want to use the new method I'm asking for and use prepared statements for the Queries here and escape functions)
<?php
  // Declare a variable
     private $user;

  // Setter
     function setUser($val){
        $this->user = $val;
     }

  // Create Function to CreateUser
     function CreateUser(){
        $con = new Connection();
        $sql = "INSERT INTO user (DATA) VALUES(DATA)";
        $con->sql($sql);
     }

  // Same for all CRUD i just change the Query of course.

?>

<?php 
  // At the index.php i do this:
  include_once 'User.php';

  $user = new User();

  if(isset($_POST['createUserButton'])){
     // $The variable i set in my User Class
     $user = $_POST['user'];

     // Then the Setter
     $user->setUser($user);

     // Then execute the Function
     $user->CreateUser();
  }  
?>

I'm trying to translate this Class using: -New Versions of functions -Using "try/catch" -Security -And just trying to have as many points of view from more experienced developers. I'm a few months old at this and I'm trying to look at different methods to code so i can create my own, appreciate you could share some of that experience and help creating an efficient, secure database connection. Thank you.


Show source
| security   | php   | mysql   2017-01-07 06:01 0 Answers

Answers ( 0 )

◀ Go back