0

how to convert this old fastioned mysql statements to pdo?

<?php
 error_reporting(0); 
 define("host","localhost");
 define("user","root");
 define("password","");
 define("db","pass2"); 


$connect_db=mysql_connect(host,user,password) or die("cannot connect"); 

mysql_select_db(db, $connect_db);

$username=strtolower(addslashes($_POST['username']));
$password=strtolower(addslashes($_POST['password']));


$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$count=mysql_num_rows($result);


if($count==1 && $_POST['userlevel'] == "admin")
{
session_start();
$_SESSION['id']=$row['id'];
header("location: admin.php");
}
else if($count==1 && $_POST['userlevel'] == "managers")
{

header("location: managers.php");
}
else if($count==1 && $_POST['userlevel'] == "supervisors")
{

header("location: supervisors.php");
}
else if($count==1 && $_POST['userlevel'] == "users")
{
header("location: users.php");
}

else
 {
 echo "<body bgcolor='lightgreen'>";
 echo "<br><br>";
 echo "<h1> <center>Invalid User Name or Password</center> </h1><br/>";
 echo "</body>";
}

?>

hope some one will solve this problem. thanks in advance.

4
Contributors
3
Replies
23
Views
3 Years
Discussion Span
Last Post by matrixdevuk
1

I got bored...

<?php
    error_reporting(0); 
    define("host","localhost");
    define("user","root");
    define("password","");
    define("db","pass2");
    try {
        $db = new PDO("mysql:host=" . host . ";dbname=" . db, user, password); 
    }catch (Exeption $e){
        die("ERROR! Could not connect to MySQL database.");
    }
    $username = strtolower(addslashes($_POST['username']));
    $password = strtolower(addslashes($_POST['password']));
    $sql = "SELECT * FROM users WHERE username=:user AND password=:pass";
    $query = $db->prepare($sql);
    $result = $query->execute(array(":user" => $username, ":pass" => $password));
    $row = $result->fetchAll();
    $count = $result->rowCount();
    session_start();
    if($count == 1 && $_POST['userlevel'] == "admin")
    {
        $_SESSION['id'] = $row['id'];
        header("location: admin.php");
    }elseif($count == 1 && $_POST['userlevel'] == "managers")
    {
        header("location: managers.php");
    }elseif($count == 1 && $_POST['userlevel'] == "supervisors")
    {
        header("location: supervisors.php");
    }elseif($count == 1 && $_POST['userlevel'] == "users")
    {
        header("location: users.php");
    }else{
        echo "<body bgcolor='lightgreen'>";
        echo "<br><br>";
        echo "<h1> <center>Invalid User Name or Password</center> </h1><br/>";
        echo "</body>";
    }

There ya go.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.