Convert PHP MySQL Code to MySQLi

I use the code below for a login system on my site. A lot of programmers on other sites said this code is not safe in any way, but the login system I created is huge. I can't rebuild it all, that takes ages for a beginner programmer in PHP.

<?php $destroy = false; require('connect.php'); session_start(); if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM `user` WHERE username='$username' and password='$password'"; $result = mysql_query($query) or die(mysql_error()); $count = mysql_num_rows($result); if ($count == 1){ $_SESSION['username'] = $username; }else{ header("Location: index.php?login=invalid"); } } if (isset($_SESSION['username'])){ $username = $_SESSION['username']; include("inc/"); } else { if(isset($msg) & !empty($msg)){ echo $msg; } if(isset($_GET["login"]) && $_GET["login"] === "invalid") { echo "<div class='redtxt'>That account doesn't exist.</div>"; } ?> <form action="" method="POST"> <p><label>Username:</label><br /><input id="username" type="text" name="username" /></p> <p><label>Password:</label><br /><input id="password" type="password" name="password" /></p> <input type="submit" name="submit" value="Sign in" /> </form> <?php } ?>

-------------Problems Reply------------

Suppose your database connection link is $conn (came through require('connect.php');) then you just need to change this:-

$result = mysqli_query($conn,$query) or die(mysqli_error($conn));
$count = $result->num_rows;

Note:- you can check php manual for mysqli_* because they are mostly similar to mysql_* syntax.

Some good points raised by others in comment. take care of that also. like password as plaintext etc.

You should convert your functions to mysqli (see previous answer) and besides that you really need to use prepared statements too make it a whole lot safer:

--edit-- And as pointed out by others you should properly hash the password value (not md5 please)

Category:php Views:14 Time:2018-06-12
Tags: php mysql mysqli

Related post

  • How to convert Php source code to code 2009-08-18

    I am developing an application on mybloglog. I got the source code in php.I dont have any idea about php. Thats why I want to convert Php source code to code. Any Help Please --------------Solutions------------- Hope this helps PHP to ASP.NET

  • Converting php date to fit mysql database 2011-01-03

    I want to convert an input date in the form of dd/mm/yyyy to the MySQL format which is yyyy-mm-dd. I was trying to use date('Y-m-d', strtotime($_POST['date'])) but the problem is that the output is always Y-d-m, I think because it considers my 2nd ar

  • Convert PHP encryption code to C# 2009-11-13

    I'm trying to convert this piece of code from PHP to C#. It's part of a Captive Portal. Could somebody explain what it does? $hexchal = pack ("H32", $challenge); if ($uamsecret) { $newchal = pack ("H*", md5($hexchal . $uamsecret)); } else { $newchal

  • need help converting php curl code to C language 2011-04-29

    my service provider has given me following piece of PHP code for accessing his service. I need help in converting to C lang code for use in my application. The code is using curl module to post on to a site. pls advise. <?php $ch = curl_init(); cu

  • Convert PHP procedural code into OOP method chaining-are maintainability and readability worth the trouble? 2011-08-18

    I had a medium-size task done in procedural style so I thought of converting the code to OOP for ease of maintenance. The original code was a big block in a single file and what I did was: - Break down the task into functions which handle a part of t

  • Converting PHP escape codes 2011-05-03

    I'm using simplexml to read the contents of an utf-8 XML source. The source contains escaped characters like the French E... 15 THE AVENUE EXAMPLE CLÉMENCEAU And I'm saving it to a variable like this: $shipping_street1 = (string) $order->{'shippin

  • Convert PHP to C++ code 2009-07-07

    I'm looking for a way to convert PHP code to C++. There are a few reasons I want to do so: Main reason: There are bunch of great PHP tools/software that I'd love to use and incorporate into C++ GUI or non-GUI applications To boost performance To avoi

  • Problem converting php code for mysql to sqlite 2010-05-26

    I am converting my php code for MySQL to SQLite. I am new to SQLite. Kindly help me convert this portion. if (mysqli_fetch_row($result)== NULL){ echo "Inserting new record <br />"; $stmt = mysqli_prepare($con,"INSERT INTO received_queries VALUE

  • how to determine which PHP code opens MySQL connections that aren't getting closed 2009-10-29

    We have an application that is comprised of a couple of off the shelf PHP applications (ExpressionEngine and XCart) as well as our own custom code. I did not do the actual analysis so I don't know precisely how it was determined, but am not surprised

  • Need help in converting my PHP & MySQL script from mysql to mysqli? 2009-12-05

    My script was working before but when I changed all the mysql tags to mysqli everything stopped working. Can some please help me make the script work agian. Here is the script. <?php $db_host = "localhost"; $db_user = "root"; $db_pass = ""; $db_na

  • write php code to mysql? 2010-07-14

    Is there any possibility to write php code to mysql and then use it in php, in order to process the output, not just write it? I would like to use mysql, instead of included file...if it is possible. --------------Solutions------------- You can use t

  • PHP/MySQL Code Error - Outputs fine via phpMyAdmin but Errors in Browser 2011-01-11

    I'm running a MySQL Query, here it is: CREATE TEMPORARY TABLE LeaderBoard ( `agent_name` varchar(20) NOT NULL, `job_number` int(5) NOT NULL, `job_value` decimal(3,1) NOT NULL, `points_value` decimal(8,2) NOT NULL ); INSERT INTO LeaderBoard (`agent_na

  • php/mysql (appending html color codes to mysql table values) 2011-03-31

    This is php specific question. Is it possible to store html color codes in mysql table. So that when there is a php echo, it outputs the values in colors? For all my empty fields, I want to show the background color as red. Can I define a default fun

  • Why does this code using MySQLi throw a PHP Notice : trying to get property of non-object 2011-06-25

    This code works, and outputs an array as intended, but throws the following error message: PHP Notice: Trying to get property of non-object... Here is my code: $mysqli = new mysqli("localhost","user","pass","database"); $sql = "SELECT keyterm FROM ke

  • How to return php code from mysql record? 2011-06-28

    How to return php code from mysql row 'content' record where it might contain just plain text like: Hello! or/and php like: Lets try some php: <?php echo phpinfo(); ?> without casing speed performance when it contains just plain text? Here is a

  • PHP mySQL code posting extra rows to database? 2012-03-07

    SECOND EDIT It seems that upon loading the page, not when submitting, that the two entries (blank rows) are added to my database. I'm really struggling to find my problem here but I have a feeling it's a fairly stupid error. I'm having an issue with

  • PHP/MySQL code issue 2012-03-07

    EDIT problem solved, used error reporting and found it was an issue regarding double quotes versus single quotes. I am having an issue in getting this PHP/mySQL code to display anything. As is it simply displays a blank white page. I inserted a simpl

  • num_rows is 0 when it should be >0 for php mysqli code 2012-04-13

    My num_rows is coming back as 0, and I've tried calling it several ways, but I'm stuck. Here is my code: $conn = new mysqli($dbserver, "dbuser", "dbpass", $dbname); // get the data $sql = 'SELECT AT.activityName, AT.createdOn FROM userActivity UA, us

  • php code to mysql database export 2010-03-22

    Possible Duplicate: Best practice: Import mySQL file in PHP; split queries How to import import *.sql file into database and export db to *.sql file in php coding? --------------Solutions------------- exec("mysqldump database -u username -p password

  • How i can convert a mdb file to mysql file or mysql commands with PHP? 2011-10-19

    Is it possible to create mysql file or mysql commands from mdb (Microsoft access database) 2002-2003 format using PHP? Actually i have a mdb file which have 8-10 table and i want to copy that whole data to my mysql database. I know it is open questio

  • Convert timestamp to date in MySQL query 2012-02-12

    I want to convert a timestamp in MySQL to a date. I would like to format the user.registration field into the text file as a yyyy-mm-dd. Here is my SQL: $sql = requestSQL("SELECT,, FROM_UNIXTIME(user.registration), FROM

  • PHP Sessions stored in MySQL in Ajax heavy environment 2009-07-16

    I'm looking to change my application to store PHP Session data in MySQL. The application is ajax intensive but does not utilize long-polling or any other type of persistent connection. My question is, are there any gotcha's I need to be aware of when

  • Why does this pdo::mysql code crash on windows? 2009-08-11

    Why does this pdo::mysql code crash on windows??? <?php $username = "root"; $password = ""; try { $dsn = "mysql:host=localhost;dbname=employees"; $dbh = new PDO($dsn, $username, $password); $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE);

  • PHP PDO prepared statement - mysql LIKE query 2009-11-23

    This is my first post to stack Overflow, but I find the existing body of knowledge very helpful. At any rate, here's my issue: I am trying to do a search through php's PDO class (mysql driver). I have the following query working with the mysql client

  • How to Call Java Code from MySQL? 2010-01-09

    I found an article from 2008 discussing how to call Java code from MySQL. There were a lot of caveats and disclaimers because the process involved working with an experimental branch of MySQL. For a project I have in mind, it would be very useful to

Copyright (C), All Rights Reserved.

processed in 0.120 (s). 11 q(s)