I want to use PDO functions instead of mysql_* functions? (e.g. mysql_query(), mysql_connect() or mysql_real_escape_string())? So what should I change about this code so it's PDO?

[Bramdon3000]

<?php

$con=mysql_connect ("localhost","root","");

if(!$db) {

echo "Unable to establish connection".mysql_error();

}

$db=mysql_select_db ("Water Tower 2000 r",$con);

if(!$db){

 echo "Database not found".mysql_error();

 }

 if (isset ($_POST ['submit'])) {

 $username = $_POST ['username'];

 $password = $_POST ['pwd'];

 $query="select * from login where username= '$username' and password= '$password' and

 type='$type'";

$result=mysql_query($query);

 

while($row=mysql_fecth_array($result)){

    if($row['username']==$username && $row ['password']==$password && $row['type']=='

    Admin'){

     header ("Location:admin.html");

    }else($row['username']==$username && $row ['password']==$password && $row['type']=='

    Parent') {

        header ("Location:parent.html");

    } elseif ($row['username']==$username && $row ['password']==$password && $row['type']=='

    Swimmer'){

     header ("Location:swimmer.html");

    }

 

   }

}

?>

 

[Barand]

That code wouldn't run even with a mysql_ library, so why bother?

[Barand]

With more than a little rewriting (avoiding missing variable definitions, mis-spelt function names and illegal syntax)

<?php
const HOST     = 'localhost';                                                          
const USERNAME = 'root';                                                               
const PASSWORD = '';                                                               
const DATABASE = 'test';               // default db                                  
                                                                                
function pdoConnect($dbname=DATABASE)                                                  
{                                                                                      
    $db = new PDO("mysql:host=".HOST.";dbname=$dbname;charset=utf8",USERNAME,PASSWORD);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);                      
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);                 
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);                              
    return $db;                                                                        
}                                                                                      

### CODE ABOVE BELONGS IN AN INCLUDED FILE ###################################################################

$pdo = pdoConnect('Water Tower 2000 r');
 
if ($_SERVER['REQUEST_METHOD']=='POST') {
    
    $stmt = $pdo->prepare("SELECT type
                             FROM login
                             WHERE username = ? AND password = ?
                            ");
    $stmt->execute( [ $_POST['username'], $_POST['pwd'] ] );
    $type = $stmt->fetchColumn();
    switch ($type) {
        case 'Admin': header("Location: admin.html"); exit;
        case 'Parent': header("Location: parent.html"); exit;
        case 'Swimmer': header("Location: swimmer.html"); exit;
        default: exit("Unknown user type");
    }
    
}

 

Edited April 29, 2022 by Barand