Do not check PHP property value

I would like to instantiate a PHP connection and not show values such as the user and password. If print_r(new classname) is used, the values are shown even with the private modifier. Is it possible to omit information such as the user and password values? Part of the code follows:

    private $host="localhost";
    private $user="root";
    private $password="";
    private $dbname="test";

    private function setLogin($l, $s){
        $conn = new PDO("mysql:host=$this->host;dbname=$this->dbname", $this->user, $this->password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Prepared statement: login and password are bound as parameters
        $stmt = $conn->prepare("SELECT login, senha FROM usuario where login = :login and senha = :senha");
        $stmt->bindParam(':login', $l, PDO::PARAM_STR);
        $stmt->bindParam(':senha', $s, PDO::PARAM_STR);
        $stmt->execute();
        $linha = $stmt->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false when no row matches
        if($linha === false){
            echo "false";
        }else{
            session_start();
            echo $_SESSION["logado"] = md5(uniqid(rand(), true));
        }
    }
  • Just don’t use print_r. If you want to present some class information, just create a method that returns a string containing the data you want to expose, and call this method when you want to show it.

  • Of course, just not using print_r is obvious. The goal is that no one who cannot access the class discovers these values. Let’s assume that I do not scroll down the display option of a class with DB connection; so the biggest reason is this, that if it descends a print_r it was not possible to check the info.

  • It seems to me that you are confusing some concepts. Attribute visibility does not serve to define this type of security. If a person can enter a print_r in the code, they will be able to access the database file directly to get this data, understand? Visibility when trying to get you to correctly use one class in another does not prevent the code from being accessed.

  • Hi Anderson, Wonder and understood.

1 answer


You can use get_object_vars, which, if called from outside the class, will show only public properties.

    <?php

    class foo {
        private $a;
        public $b = 1;
        public $c;
        private $d;
        static $e;

        public function test() {
            // Called inside the class: private properties are in scope
            var_dump(get_object_vars($this));
        }
    }

    $test = new foo;
    // Called outside the class: only public, non-static properties
    var_dump(get_object_vars($test));

    $test->test();

    // array(2) {
    //   ["b"]=>
    //   int(1)
    //   ["c"]=>
    //   NULL
    // }
    //
    // array(4) {
    //   ["a"]=>
    //   NULL
    //   ["b"]=>
    //   int(1)
    //   ["c"]=>
    //   NULL
    //   ["d"]=>
    //   NULL
    // }
    ?>
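
An added example (not from the question or the answer) of redacting credentials in print_r() and var_dump() output with __debugInfo(), and of the point made in the comments: the redaction covers debug output only, not code running in the same process. The class name DbConfig, the DB_HOST/DB_USER/DB_PASS environment variable names and the fallback values are assumptions made up for illustration.

```php
<?php
// Added example: DbConfig and the environment variable names are hypothetical.
final class DbConfig
{
    private string $host;
    private string $user;
    private string $password;

    public function __construct()
    {
        // Assumption: credentials come from the environment rather than source code.
        // The fallback values are constructed samples.
        $this->host     = getenv('DB_HOST') ?: 'localhost';
        $this->user     = getenv('DB_USER') ?: 'app';
        $this->password = getenv('DB_PASS') ?: 'constructed-sample-secret';
    }

    // Consulted by var_dump() and print_r(); the returned array is shown
    // in place of the real property table.
    public function __debugInfo(): array
    {
        return ['host' => $this->host, 'user' => '***', 'password' => '***'];
    }

    // Keep the object out of serialize()d caches and session data.
    public function __serialize(): array
    {
        throw new LogicException('DbConfig must not be serialized');
    }

    public function connect(): PDO
    {
        $pdo = new PDO("mysql:host={$this->host}", $this->user, $this->password);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    }
}

$cfg = new DbConfig();

print_r($cfg);   // user and password print as ***
var_dump($cfg);  // same redacted view

// Redaction is cosmetic: an array cast still exposes private properties,
// stored under the key "\0ClassName\0propertyName".
$raw = (array) $cfg;
echo $raw["\0DbConfig\0password"], "\n";
```

Treat this as protection against accidental disclosure in logs and debug output; anyone able to run code in the application can still read the value, so file permissions and secret storage remain the actual control.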
