Anything wrong with my OOP?
 

Just starting to learn OOP and first off I have to say I can (finally) see why this is more useful than procedural. Anyway, took this script off of a site, made some very small edits (still more to make). But I was just wondering if anything is wrong (bad practices, code leading to errors, etc)? And how would I make it so the database is checked during/after registration for users with the same username (i.e no two people with the same username/password).

Classes:
Form:

This is very bad practice:
You shouldn't be storing information in an escaped format. That should be used only during write to a mysql database. You are using PDO though, so you shouldn't be doing anything with MySQLi if that's the intent. Binding doesn't require, and nor should it be given an escaped string as it will corrupt the original value of the string.

This makes no sense:
I don't see a point of calling a constructor on an existing instance of an object. If you need to modify something, do so at the property level; __construct shouldn't be explicitly invoked and should only be used when instantiating a parent constructor or when implicitly called by the new keyword.

Ah, was wondering about using mysqli AND PDO together.
So, just:
then?
As for the constructor part, I was actually wondering about that as well when I was looking at the script. I assumed it was sending the values to the storeFormValue(), which then sent them to the constructor, which as you said would be smarter/better/whatever you wanna say to send them straight to the constructor. Methods are class functions and properties are class variables, correct? Or can everything within a class be considered a method?

Only functions are methods.
The constructor chain appears to me to be a (lazy at that) short cut. On a side note, doing it the other way around completely would be acceptable solution that doesn't require internally constructing new objects. The constructor can certainly call any method it wants, so if you have an overwriting method, chain the constructor to that instead of the other way around.

Yeah, PDO and MySQLi are not compatible. Since you need to have MySQLi established to make use of a mysql_real_escape_string anyway, you should choose which to use. But more importantly properties should never be stored in an escaped format, regardless of if you intend to use a prepared statement bound variable or if you intend to use a simple string with escaped input data. Escaping is specific for the db, not for the data in question. It is completely legal for me to have a string with \' in the string, but by escaping it you have now corrupted it onto \\\' instead.

updated code:
registration:
classes:

your if() condition in the userLogin() method won’t work out. your result set contains only one row that is processed by the first call to fetchColumn(). hence the second call will return false (no more rows to fetch from) and all the array accesses will cause a warning.

so, something like this? or would it just be better to use $valid (even though it is oddly named in this case)
and I finally found the original script: http://forum.codecall.net/topic/6977...#axzz2CKPnnQCz

$valid only gives you the content of the first field. you would need a complete ->fetch() to get all data.

in that original code, all that $valid is used for is to check, whether there are data returned. that these data are superfluous in the concept is a mistake often made. (the well-known problem of the SQL wildcard character *).

Ah, should have known that based on ->fetchColumn(). Well, while I was researching fetch(), I stumbled upon fetchAll(). So, my question is what is the difference? Would you say they are interchangeable?

of course not. ->fetch() gives you the content of one row, ->fetchAll() the content of all rows (which at times could make a very huge array).

Having problems with the $username and $email variables. In the database, only the first letter of each variable's value is displayed. Also, when attempting to log in, I always receive my "Invalid username/password" error message even when the values are correct.

classes:
Login form script:
register page script:

second code block: Users constructor expects an array ...

first code block:
- $mem = $stmt->fetch(); no more data to fetch, returning false.
- username already exists in the class
- SQL, no need of a LIMIT 1 if you have proper DB constraints (e.g. unique username)

third code block: Users->register() does not accept parameters

Thanks Dormilich, fixed everything but now ran into another (presumably) smaller problem. It isn't echoing the $username property. I'd assume this is because, to paraphrase, the $mem property is returning false due to lack of data. But how exactly would I fix that? I've tried fetchAll(), and fetch(1), but to no avail.

classes:
login script:
Side Note: It is allowing me to log in with no trouble, so I'd assume $_SESSION['loggedin'] is set and is set to 1, although whenever I exit that tab and return I must log in again which makes me assume something (by which I mean what you previously stated) is going on with the $_SESSION variables in that if statement

the problem is that by calling $valid = $stmt->fetchColumn(); you get the first field’s value and then move to the next result row (that doesn’t exist). hence if you want to get the data out of the original row, you need to change that line. bear in mind that the original code was never interested in DB data in the first place.

ugh, almost there...It is displaying the username now, but when the tab is exited and then reopened you are required to log in again. I'd assume it was this line: if (!isset($_POST['submit'])) {
updated login method:
login script: