php - I need help converting from mysql_query to PDO


I want to make my site as secure as possible, so I need to convert what I have to PDO. I've done a few things but ran into a road block on my sign in page.

Here's my code:

    <?php
    //signin.php
    include 'connect.php';
    include 'header.php';
    session_start();

    echo '<h3>sign in</h3>';

    //first, check if the user is already signed in. if that is the case, there is no need to display this page
    if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
    {
        echo 'you signed in, can signout if want.';
    }
    else
    {
        if($_SERVER['REQUEST_METHOD'] != 'POST')
        {
            echo '<div class="formdivs" id = "logindiv"><form class = "homeforms" method="post" action="">
                <label>username:<input class="forminput" id="smallinput" type="text" name="user_name" /></label>
                <label>password:<input class="forminput" id="smallinput" type="password" name="user_pass"></label>
                <input class = "formbutton" type="submit" name = "button" value = "sign in!"/>
             </form></div>';
        }
        else
        {
            $errors = array();

            if(!isset($_POST['user_name']))
            {
                $errors[] = 'missing username.';
            }

            if(!isset($_POST['user_pass']))
            {
                $errors[] = 'missing password.';
            }

            if(!empty($errors))
            {
                echo 'errors';
                echo '<ul>';
                foreach($errors as $key => $value)
                {
                    echo '<li>' . $value . '</li>';
                }
                echo '</ul>';
            }
            else
            {
                //this is where the pdo problem begins

                $password = sha1($_POST['user_pass']);
                $sql = "SELECT * FROM users WHERE user_name = :username AND user_pass = :password";

                $stmt = $pdo->prepare($sql);
                $stmt->bindParam(':username', $_POST['user_name']);
                $stmt->bindParam(':password', $password);
                $stmt->execute();
                $stmt->setFetchMode(PDO::FETCH_ASSOC);

                if(true)
                {
                    if(true)
                    {
                        $_SESSION['signed_in'] = true;

                        while($row = $stmt->fetch())
                        {
                            $_SESSION['user_id']    = $row['user_id'];
                            $_SESSION['user_name']  = $row['user_name'];
                            $_SESSION['user_level'] = $row['user_level'];
                        }
                        header('Location: /forum.php');
                        exit;
                    }
                }
            }
        }
    }

    include 'footer.php';
    ?>

My page loads the form, but when I press the submit button it turns blank (except for the header and footer), which tells me my PHP has an error. (Obviously.)

I want the page to be able to run the error checking (to see if both boxes have input) and then execute upon the button press. After I press the button, I want it to echo an SQL error if there is one (in situations where the database is down, etc.) and also echo if the user name or password does not exist in the database (i.e. the select statement returns nothing).

At the moment I have "admin" and "password" hardcoded in, because I don't think the bindParam statements worked.

Edit: I should state that none of my error checking works. If I try to run it with the boxes empty, nothing is still shown.

Edit: Solution: I was using $pdo when I should have been using $dbh. I didn't realize the $pdo variable in the PHP manual was supposed to be the actual instance I created in my connect.php file. Thanks, everybody.

You need a colon in the SQL string:

    $sql = "SELECT * FROM users WHERE user_name = :username AND user_pass = :userpass";

    $stmt = $pdo->prepare($sql);
    $stmt->bindParam(':username', $_POST['user_name']);
    $stmt->bindParam(':userpass', $password);
    $stmt->execute();

No need to loop, since it's a single record:

    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $row = $stmt->fetch();
    //set session
    $_SESSION['user_id']    = $row['user_id'];
    $_SESSION['user_name']  = $row['user_name'];
    $_SESSION['user_level'] = $row['user_level'];

Keep things simple:

    if(isset($_POST['submit'])){
        //form submitted, checking errors
        $errors = array();

        if(!isset($_POST['user_name']))
        {
            $errors[] = 'missing username.';
        }

        if(!isset($_POST['user_pass']))
        {
            $errors[] = 'missing password.';
        }

        if(!empty($errors))
        {
            echo 'errors';
            echo '<ul>';
            foreach($errors as $key => $value)
            {
                echo '<li>' . $value . '</li>';
            }
            echo '</ul>';
            exit();//error! let's exit
        }else{
            //no errors run pdo query here
        }

    }else{
        //no submission display form
    }
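
A hardened version of the sign-in lookup discussed above, as an added example that is not part of the original question or answer. It keeps the page's users columns but assumes user_pass stores a password_hash() value instead of the sha1() digest, and it uses a constructed in-memory SQLite database in place of connect.php; signIn() and the sample user are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for connect.php: in-memory SQLite instead of MySQL (assumption).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL failures throw
$dbh->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
            user_pass TEXT, user_level INTEGER)');
$dbh->prepare('INSERT INTO users (user_name, user_pass, user_level) VALUES (?, ?, ?)')
    ->execute(['admin', password_hash('password', PASSWORD_DEFAULT), 1]); // constructed user

// Hypothetical helper: returns the user's row, or null when name or password is wrong.
function signIn(PDO $dbh, string $name, string $pass): ?array
{
    // Look up by name only; the password never becomes part of the SQL.
    $stmt = $dbh->prepare('SELECT user_id, user_name, user_pass, user_level
                           FROM users WHERE user_name = :username');
    $stmt->execute([':username' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the input against the stored salted hash.
    if ($row === false || !password_verify($pass, $row['user_pass'])) {
        return null; // same result for unknown user and wrong password
    }
    unset($row['user_pass']); // keep the hash out of the session
    return $row;
}

try {
    $errors = [];
    // Constructed defaults so the file also runs from the command line.
    $name = $_POST['user_name'] ?? 'admin';
    $pass = $_POST['user_pass'] ?? 'password';
    // isset() alone passes an empty box; check type and content as well.
    if (!is_string($name) || trim($name) === '') { $errors[] = 'missing username.'; }
    if (!is_string($pass) || $pass === '')       { $errors[] = 'missing password.'; }

    $user = $errors ? null : signIn($dbh, trim($name), $pass);
    if ($user !== null) {
        // In the real page: session_regenerate_id(true), copy $user into $_SESSION, redirect.
        echo "signed in as {$user['user_name']} (level {$user['user_level']})\n";
    } else {
        echo implode("\n", $errors ?: ['wrong username or password.']), "\n";
    }
} catch (PDOException $e) {
    error_log($e->getMessage()); // details go to the log, not the browser
    echo "database error, please try again later.\n";
}
```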
