0

I have 3 files to login

Can someone look through my code in checklogin... does it look OK. And hwo do I update it so it's not deprecated. mysql_select_db and sql select etc, how can I change the code to update version...

<?php 
$host="localhost"; 
$username="root"; 
$password=""; 
$db_name="members"; 
$tbl_name="user"; 

$username=$_POST['username'];
$password=$_POST['password'];


$con= mysql_connect("localhost","root","","members");
if(!$con)
die("failed to connect");

    mysql_select_db("members",$con);

$sql= "SELECT * FROM user WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
session_start();
$_SESSION['username']=$username; 
header("location:login_success.php");
} 
else {
echo "Wrong Username or Password";
}
?>
James_P
  • 41
  • 9

3 Answers3

1

Try this code and see if it does what you need. Also, when you post your form are you encrypting your password in anyway? You may need to decrypt the users password so that it matches what is in the DB?

<?php
define('DB_HOSTNAME','localhost');
define('DB_USERNAME','root');
define('DB_PASSWORD','');
define('DB_DATABASE','members');

$username = $_POST['username'];
$password = $_POST['password'];

//CONNECT TO DATABASE
$db = new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
if($db->connect_errno > 0){
    die('Unable to connect to database [' . $db->connect_error . ']');
}

$userExists = $db->query("SELECT * FROM user WHERE username='{$username}' and password='{$password}'");
$count = count($userExists);

$db->close();

if($count == 1){
    session_start();
    $_SESSION['username'] = $username; 
    header("location:login_success.php");
}else{
    echo "Wrong Username or Password";
}
?>
Terry Carter
  • 298
  • 2
  • 11
  • My teacher said to connect we should sue `$con=mysqli_connect(“localhost”,”username”,”pw”,”db”) or die(mysqli_error($con));` So im doing tutorials and I'm confused which one is correct.. WHat is difference between $db and $con At moment their is no encryption, I'm just studying this at moment. – James_P Nov 20 '14 at 20:20
  • @James_P - $db and $con are just variables to reference the connection itself, you could name it $mysqli or anything else you want for the most. Creating a connection using this method allows you to easily reuse your connection for the next query. Here is a decent primer if you want to learn more about mysqli connections codular.com/php-mysqli – Terry Carter Nov 21 '14 at 22:17
  • Also... to verify that your connection has been established and your database information has been returned you can add print_r($userExists); to view what is being returned in the mysqli_result. Also, if my answer is sufficient for your needs please be sure to mark it as the correct answer to help my stackoverflow rating. – Terry Carter Nov 21 '14 at 22:17
0

You need to use PHP PDO.

PHP's mysql_* functions are deprecated and should not be used anymore!

All you need is to update your code to get rid of using deprecated functions.

Artem Gvozd
  • 9
  • 1
0

What the posters failed to inform you of is that the functions for 'mysql..()' are deprecated by PHP. Meaning they will be taken out soon or will no longer be updated in the newer versions of PHP. Better description here Deprecated meaning?.

'mysqli' is the new standard for connecting with mysql through PHP. There are several ways you can connect to mysql through PHP as well. 'new mysqli', 'mysqli_connect', and even going the PDO route. http://php.net/manual/en/mysqli.quickstart.connections.php

php.net has a great set of documentation that will give you better insite into all of these methods.

Hope this helps you be not confused any longer.

Community
  • 1
  • 1
Adrian
  • 1
  • 1
  • 1
  • 2
  • thanks, im just confused a bit.. i'm trying to go the mysqli route for now. I think I have the connect sorted but not sure about the rest.. the select bit and query.. can you help so I can view it? I'll check your links also to gain better understanding. – James_P Nov 20 '14 at 21:04