<link rel="stylesheet" type="text/css" href="admin/css/style.css" />
<?php include('dbcon.php');
include('header.php');
 ?>
</head>
<body>

    <div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
    <div class="container">

        <a class="brand">
        <img src="admin/images/dee.png" width="150" height="50">
    </a>
    <a class="brand">
     <h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2>
     <div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div>
    </a>

    <?php include('head.php'); ?>

    </div>
    </div>
    </div>
<div class="wrapper_admin">
<br>
<br>
<br>
    <div id="element" class="hero-body-index">

    <p><font color="white"><h2>Voter Login</h2></font></p>

    <form method="POST" >
    <table>
    <tr><td><font color="white">UserName:</font>&nbsp;&nbsp;</td><td><input type="text"  name="UserName" class="UserName_hover"></td></tr>
    <tr><td>...</td></tr>
    <tr><td><font color="white">Password:</font>&nbsp;&nbsp;</td><td><input type="Password" name="Password" class="Password_hover"></td></tr>
    <tr><td>...</td></tr>
    <tr><td></td><td>   <button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i>&nbsp;Login</button>

    </td></tr>
    <tr><td>
    </td></tr>
    </table>
    </form>

    <br>
    <div class="error">
            <?php

if (isset($_POST['Login'])){

$UserName=$_POST['UserName'];
$Password=$_POST['Password'];




$login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
//
$login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$count=mysqli_num_rows($login_query);
$count1=mysqli_num_rows($login_query1);
$count3=mysqli_num_rows($login_query3);
$count4=mysqli_num_rows($login_query4);
$count5=mysqli_num_rows($login_query5);
$row=mysqli_fetch_array($login_query);
$row3=mysqli_fetch_array($login_query3);
$row4=mysqli_fetch_array($login_query4);
$row5=mysqli_fetch_array($login_query5);
$id=$row['VoterID'];
?>
<?php 
if($count == 1){
session_start();
$_SESSION['id']=$row['VoterID'];
header('location:voting.php');
}
if($count3 == 1){
session_start();
$_SESSION['id']=$row3['VoterID'];
header('location:voting.php');
}
if($count4 == 1){
session_start();
$_SESSION['id']=$row4['VoterID'];
header('location:voting.php');
}
if($count5 == 1){
session_start();
$_SESSION['id']=$row5['VoterID'];
header('location:voting.php');
}
if($count1 == 1){ ?>
    <div class="alert alert-error">
    <button class="close" data-dismiss="alert">×</button>
   You Can Only Vote Once
    </div>
<?php
}else{ ?>
<div class="alert alert-error">
    <button class="close" data-dismiss="alert">×</button>
   Please check your username and password
    </div>

    <?php 
    }
?>

<?php
}

?>
</div>
</div>
<br>
<br>
<br>
<br>
<br>

    <?php include('footer.php')?>    
</div>

    </body>

</html>
diafol

Let me get this right, you want us to convert your code for you? If you are new to PDO, then a good way to get started would be to research PDO and attempt it yourself. I am tempted to say "RTFM", but that would be rude. This code is not yours I take it. It looks very old.

You're probably better starting from scratch. Check out pritaeas' tutorials in the code snippets section of this forum.

OK, thanks. Yeah, the code is not mine. I am using it for a voting site, and I needed it to be protected against SQL injection. I am still researching PDO, but I won't be able to correct the problem now since I am new to it. I would be glad if you could help correct the code.

MySQLi supports binding too, so why the step to PDO?

I chose PDO because it does protect against SQL injection. What will the binding be like for this code?

diafol

As pritaeas states, mysqli has binding too, so there's not much difference between PDO and mysqli for this purpose. Have you looked at the PHP manual for mysqli (or PDO)? There are examples there.

How about Google: "php mysqli binding example"

OK, thanks. I will check it out. But I would still appreciate it if you could help correct the code to prevent injections.
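The mysqli binding that pritaeas and diafol point to, applied to the login check from the posted file. This is an added example and not code from the thread or from the original voting site; it assumes the mysqli connection that the posted `dbcon.php` stores in `$GLOBALS["___mysqli_ston"]`, the `voters` columns the posted queries use (`VoterID`, `Username`, `Password`, `Status`, `Year`), and a function name, `find_voter`, chosen here. The injection problem in the original is that `$UserName` and `$Password` are spliced into the SQL text, so the input decides what the query means; with a prepared statement the SQL text is fixed and the values travel separately, so no quoting in the input can change it.

```php
<?php
// Added example, not the original poster's code: the voter login check from the
// posted file rewritten with mysqli prepared statements. User input is bound as
// data, so it cannot alter the SQL the way '$UserName' / '$Password' interpolated
// into the query string can.
//
// Assumptions: the mysqli connection that dbcon.php stores in
// $GLOBALS["___mysqli_ston"], and the voters columns used in the thread
// (VoterID, Username, Password, Status, Year). find_voter() is a name chosen here.
// This block belongs at the very top of the page, before any HTML is sent,
// because session_start() and header() must run before output.

declare(strict_types=1);

/**
 * Look up a voter by credentials.
 * Returns ['id' => int, 'status' => string, 'year' => string] on a match, null otherwise.
 */
function find_voter(mysqli $db, string $username, string $password): ?array
{
    // One statement replaces the six interpolated queries of the original; the
    // Status/Year branching moves into PHP, where it is read from the row.
    $sql = 'SELECT VoterID, Status, `Year` FROM voters WHERE Username = ? AND Password = ?';

    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        // Log the driver message server-side instead of echoing mysqli_error()
        // to the visitor, as the original's "or die(...)" did.
        error_log('voter login prepare failed: ' . $db->error);
        return null;
    }

    // 'ss' = two string parameters; the values are sent apart from the SQL text.
    $stmt->bind_param('ss', $username, $password);
    if (!$stmt->execute()) {
        error_log('voter login execute failed: ' . $stmt->error);
        $stmt->close();
        return null;
    }
    $stmt->bind_result($voterId, $status, $year);
    $found = ($stmt->fetch() === true);
    $stmt->close();

    return $found
        ? ['id' => (int) $voterId, 'status' => (string) $status, 'year' => (string) $year]
        : null;
}

$error = null;

if (isset($_POST['Login'])) {
    $db = $GLOBALS['___mysqli_ston'];
    $username = (string) ($_POST['UserName'] ?? '');
    $password = (string) ($_POST['Password'] ?? '');
    $voter = find_voter($db, $username, $password);

    // Same outcomes as the original: a matching Unvoted voter in years 1-4 is
    // logged in, a Voted voter is told they already voted, anything else is rejected.
    $eligibleYears = ['1st year', '2nd year', '3rd year', '4th year'];

    if ($voter === null) {
        $error = 'Please check your username and password';
    } elseif ($voter['status'] === 'Voted') {
        $error = 'You Can Only Vote Once';
    } elseif ($voter['status'] === 'Unvoted' && in_array($voter['year'], $eligibleYears, true)) {
        session_start();
        session_regenerate_id(true);      // fresh session id once authenticated
        $_SESSION['id'] = $voter['id'];
        header('Location: voting.php');
        exit;                             // the original kept rendering after header()
    } else {
        $error = 'Please check your username and password';
    }
}

// Later, inside <div class="error">, print the message escaped for HTML:
//   if ($error !== null) { echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); }
```

The same shape works with PDO (`$pdo->prepare($sql)` and `execute([$username, $password])`), which is why the earlier replies say the two drivers are interchangeable for this purpose. Two points the rewrite does not change but a practitioner would check next: the `Password` column is compared as plaintext, exactly as in the posted schema, and the usual fix is to store `password_hash()` output and check with `password_verify()` in PHP; and the single response message for "no such user" and "wrong password" is kept deliberately, since distinguishing them would tell a caller which usernames exist.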