設計一個更優雅的用戶對象

Question

我已經構建了一個用戶類，它試圖在MySQL數據庫中查找用戶的ID。如果找到它，它會將變量SQL_ID設置爲該值，否則將其保留爲空。

稍後調用的單獨方法（IsValid）會返回一個布爾值，告訴我用戶是否確實存在。

我很好奇，如果任何人想在我的設計在這裏評論，也許提供了一個更好的解決方案。我承認PHP不是我的主要語言，我花了太多時間在非靜態類型的語言之後可能會感覺有點OCDish。也許我正在尋求驗證這個設計是否理智。

// User -> class for passing around user information. Should only pass around the UserID (a unqiue SQL ID), for security reasons, in a Session object. 
    class User { 
     private $SQL_ID = ""; 
     //@todo: Get the User object to actually talk to the other classes. Lol. 

     public function __construct($Username, $Password) { 
      // Probably want to Base64 encode the values going into and out of the MySQL database, to prevent a SQL Injection attack. 
      $query = "SELECT [UserID] FROM [Users] WHERE [Username] = '" . base64_encode($Username) . "' AND [Password] = '" . base64_encode($Password) . "';"; 
      $data = SQL::DataQuery($query); 

      $this->SQL_ID = $data["UserID"]; 

     } 

     // Boolean function to tell us if we have a valid user. Might be able to merge this into the constructor. 
     public function IsValid() { 
      if($this->SQL_ID == "") { 
       return false; 
      } 

      return true; 
     } 

     public function GetUserID() { 
      return $this->SQL_ID; 

     } 

     // private $Query = "SELECT [UserID] FROM [Users] WHERE [Username] = '' AND PASSWORD = '';"; // Prototype User query (for selecting a UserID). 


    } 

Answer 1

我不認爲你應該有一個用戶對象，除非登錄已成功。我將使用另一個類（名爲Authenticator），負責根據數據庫檢查用戶名和密碼，並僅在找到有效用戶時才返回User對象。