here is my code. how can i fix it?
the error message goes like this
"Deprecated: mysql_connect(): The mysql extension is deprecated and
will be removed in the future: use mysqli or PDO instead in
C:\wamp\www\test12345\db.php on line 6"
how can i make a login page without errors?
im trying to make a website that has a secure login with session?. am i doing it right?
db.php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "web";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Can't connect to database");
mysql_select_db($mysql_database, $bd) or die("Opps some thing went wrong");
login.php
include("db.php");
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from Form
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password); // Encrypted Password
$sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if ($count == 1) {
session_register("username");
$_SESSION['login_user'] = $username;
header("location: welcome.php");
} else {
$error = "Your Login Name or Password is invalid";
}
}
?>
Answer
I haven't tested this but if you wanted an example of how to convert this to PDO
//really basic connection wrapper class
class DB{
protected $_conn;
public function __construct(){
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "web";
//http://php.net/manual/en/pdo.construct.php
$this->_conn = new PDO(
'mysql:host=' . $mysql_hostname . ';' . 'dbname=' . $mysql_database,
$mysql_user,
$mysql_password
);
}
public function getConn(){
return $this->_conn;
}
/*
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Can't connect to database");
mysql_select_db($mysql_database, $bd) or die("Opps some thing went wrong");
*/
}
?>
//any space or new lines here ( before the open PHP tag ) will prevent the redirect
ini_set('display_errors', 1); //turn on error reporting when developing
include("db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST"){
$DB = new DB();
// username and password sent from Form
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password); // Encrypted Password - update this as others have stated
$sql="SELECT id FROM admin WHERE username = ? and passcode = ?";
//http://php.net/manual/en/pdo.prepare.php
$stmt = $DB->getConn()->prepare($sql);
//http://php.net/manual/en/pdostatement.execute.php
$stmt->execute( array( $username, $password ) );
//http://php.net/manual/en/pdostatement.fetchall.php
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
// If result matched $username and $password, table row must be 1 row
if(count( $results ) ){
//session_register("username"); this is deprecated
$_SESSION['login_user']=$username;
header("location: welcome.php");
exit(); //add exit here
}else {
$error="Your Login Name or Password is invalid";
}
}
?>
for the redirect issue.
Don't use session_register();
How to fix the session_register() deprecated issue?
No comments:
Post a Comment