I have tried setting sessions which are stored in database.I have achieved this through implementing SessionHandlerInterface class.However i havenot used prepared statements before but now i want to implement prepared statements in order to make it sql injection proof.However , when i try the prepare method it shows me an error
Method Prepare not defined in Class
i even tried extending mysqli_stmt class which contains the methods for prepared statements.
This is the full code of session class that stores sessions inside the database.
http://codepad.org/KmLtO9ym
Part of the code to make the question much more clear
class SysSession implements SessionHandlerInterface
{
private $link;
public function open($savePath, $sessionName)
{
$link = new mysqli("localhost","root","","cakenbake");
if($link){
$this->link = $link;
return true;
}else{
return false;
}
}
public function close()
{
mysqli_close($this->link);
return true;
}
public function read($id)
{
$result = mysqli_query($this->link,"SELECT Session_Data FROM Session WHERE Session_Id = '".$id."' AND Session_Expires > '".date('Y-m-d H:i:s')."'");
/*$result=$this->link->prepare("Some query inside")
* This shows up an error stating prepare method not found
*
*/
if($row = mysqli_fetch_assoc($result)){
return $row['Session_Data'];
}else{
return "";
}
}