Hello everyone. How do I code PDO for this script? Please help me.

PHP:
<?php
if (isset($_POST['Login'])) {
    $UserName = $_POST['UserName'];
    $Password = $_POST['Password'];
    $hostname = 'localhost';
    $username = 'root';
    $password = '';
    $database_name = 'ovs';
    $mysqli = new mysqli($hostname, $username, $password, $database_name);
    // user input is interpolated straight into the SQL string (see the reply below)
    $login_query = mysqli_query($mysqli, "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(mysqli_error($mysqli));
    $login_query1 = mysqli_query($mysqli, "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
    $count = mysqli_num_rows($login_query);
    $count1 = mysqli_num_rows($login_query1);
    $row = mysqli_fetch_assoc($login_query);
    $id = $row['VoterID'];
}
?>
Even as mysqli that's not good code in the first place -- there's a LOT that I'd fix either way in there. The biggest problem I see is it's slapping together query strings old-school, defeating the entire reason to even use mysqli_ -- so first let's fix the existing version to not be stuck in decade-old methodology.

I'm also stuck wondering why in blazes it's running two queries for 'voted' or 'unvoted' on a table that has a 'VoterID'... since user IDs are usually unique, there should be no reason to ask for them twice. Not even sure what the **** it's doing there... much less why run 'count' on something that should only ever return one or zero rows... and it has no handling whatsoever for if an invalid un/pw is passed... and of course passwords should be encrypted too...

I'm guessing WILDLY here, but I suspect it should go something more like this:

Code (markup):
<?php
if (
    isset($_POST['Login'])
    && isset($_POST['UserName'])
    && isset($_POST['Password'])
) {
    $db = new PDO(
        'mysql:host=localhost;dbname=ovs',
        'root', // username
        ''      // password
    );
    // prepared statement: the values are bound, never spliced into the SQL
    $statement = $db->prepare('
        SELECT * FROM voters
        WHERE Username = :user AND Password = :pass
    ');
    $statement->execute([
        ':user' => $_POST['UserName'],
        ':pass' => hash('sha256', $_POST['Password'])
    ]);
    if ($row = $statement->fetch()) {
        if (
            ($row['Status'] == 'Unvoted')
            && ($row['Year'] != '1st Year')
        ) {
            /*
                I assume you were filtering out/rejecting
                this condition for a reason? If so, do it here.
            */
        } else {
            $id = $row['VoterID'];
        }
    } else {
        // invalid username/password handler goes here!
    }
} else {
    // improper or empty form submit handler goes here!
}
?>
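Editor's added example (not code from either poster): the same login written against the `voters` table columns named in the thread (`VoterID`, `Username`, `Password`, `Status`, `Year`), but with a single prepared query, `password_hash()`/`password_verify()` instead of a bare SHA-256, the Voted/Unvoted decision made in PHP rather than in two queries, and a generic error to the user with the real `PDOException` detail going to the server log. The DSN, the `ovs_app` account and the `CHANGE_ME` password are placeholders, and the `Year` eligibility rule is returned to the caller rather than assumed, since the thread never states exactly what it is.

```php
<?php
declare(strict_types=1);

// Assumed connection details: a dedicated low-privilege DB account, not root.
function connectDb(): PDO
{
    return new PDO('mysql:host=localhost;dbname=ovs;charset=utf8mb4', 'ovs_app', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, not silently
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// When storing or resetting a voter's password, keep only this digest in `Password`.
function hashVoterPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Returns ['ok' => true, 'voterId' => int, 'year' => string] on success, otherwise
 * ['ok' => false, 'reason' => string]. One query fetches the voter; Status is checked
 * in PHP, so the separate "Voted" and "Unvoted" queries from the thread are not needed.
 */
function authenticateVoter(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare(
        'SELECT VoterID, Password, Status, Year FROM voters WHERE Username = :user LIMIT 1'
    );
    $stmt->execute([':user' => $username]);
    $row = $stmt->fetch();

    // Verify against a dummy hash when the username is unknown so that the response
    // time does not reveal which usernames exist.
    static $dummyHash = null;
    $dummyHash ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $hashToCheck = ($row === false) ? $dummyHash : (string) $row['Password'];

    if (!password_verify($password, $hashToCheck) || $row === false) {
        return ['ok' => false, 'reason' => 'Invalid username or password'];
    }

    // Transparently upgrade digests when PHP's default cost/algorithm changes.
    if (password_needs_rehash($row['Password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE voters SET Password = :hash WHERE VoterID = :id');
        $upd->execute([':hash' => hashVoterPassword($password), ':id' => $row['VoterID']]);
    }

    if ($row['Status'] === 'Voted') {
        return ['ok' => false, 'reason' => 'This voter has already voted'];
    }
    if ($row['Status'] !== 'Unvoted') {
        return ['ok' => false, 'reason' => 'Voter is not eligible to vote'];
    }

    return ['ok' => true, 'voterId' => (int) $row['VoterID'], 'year' => (string) $row['Year']];
}

// Request handler: mirrors the form fields used in the original post.
if (isset($_POST['Login'], $_POST['UserName'], $_POST['Password'])) {
    try {
        $db     = connectDb();
        $result = authenticateVoter($db, (string) $_POST['UserName'], (string) $_POST['Password']);
    } catch (PDOException $e) {
        error_log('voter login failed: ' . $e->getMessage()); // detail stays server-side
        $result = ['ok' => false, 'reason' => 'Service temporarily unavailable'];
    }

    if ($result['ok']) {
        session_start();
        session_regenerate_id(true);               // new session id after authentication
        $_SESSION['VoterID'] = $result['voterId'];
        $_SESSION['Year']    = $result['year'];    // apply the '1st year' rule from here
        // continue to the ballot page
    } else {
        echo htmlspecialchars($result['reason'], ENT_QUOTES, 'UTF-8');
    }
} else {
    // improper or empty form submit: show the login form again
}
```

Because `Password` is compared with `password_verify()`, the query no longer needs a `:pass` placeholder at all, which also means a mistyped or missing password can never widen the `WHERE` clause.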
The script is for a voting site, so the "Unvoted" query was to allow those who have not voted to vote, and the "Voted" query was to disallow those who had already voted. Thanks very much, will start with your code.