Convert PHP PDO code to Mysqli

Hello,
PHP PDO code is used in this paging.
How do I convert it to mysqli?

<?php

include 'connection.php';

if($_POST){
    // Data
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $response = []; // Data Response

    // Check the username in the database
    $userQuery = $conn->prepare("SELECT * FROM user where username = ?");
    $userQuery->execute(array($username));
    $query = $userQuery->fetch();

    if($userQuery->rowCount() == 0){
        $response['status'] = false;
        $response['message'] = "Username Tidak Terdaftar";
    } else {
        // Get the password from the db
        $passwordDB = $query['password'];

        if(strcmp(md5($password),$passwordDB) === 0){
            $response['status'] = true;
            $response['message'] = "Login Berhasil";
            $response['data'] = [
                'user_id' => $query['id'],
                'username' => $query['username'],
                'name' => $query['name'],
                'email' => $query['email']
            ];
        } else {
            $response['status'] = false;
            $response['message'] = "Password anda salah";
        }
    }

    // Convert the data to JSON
    $json = json_encode($response, JSON_PRETTY_PRINT);

    // Print
    echo $json;
}

Why on earth would you want to do that?

On top of that, it is poorly written code.


I hope you don't use this as a backdoor on a compromised server that doesn't support PDO.

Gimme lambo now :grinning: ?

<?php

if($_POST){
    // Data
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $response = []; // Data Response

    // Check the username in the database
    $mysqli = new mysqli("localhost","your_username","your_password","your_database");
    if ($mysqli -> connect_errno) {
        echo "Failed to connect to MySQL because of this error: " . $mysqli -> connect_error;
        exit();
    }

    $userQuery= "SELECT * FROM user where username ='$username'";
    if ($result = $mysqli -> query($userQuery)) {
        $obj = $result -> fetch_object();

        if(!isset($obj->name)){
            $response['status'] = false;
            $response['message'] = "Username Tidak Terdaftar";
        } else {
            // Get the password from the db
            $passwordDB = $obj->password;

            if(strcmp(md5($password),$passwordDB) === 0){
                $response['status'] = true;
                $response['message'] = "Login Berhasil";
                $response['data'] = [
                    'user_id' => $obj->id,
                    'username' =>$obj->username,
                    'name' => $obj->name,
                    'email' => $obj->email
                ];
            } else {
                $response['status'] = false;
                $response['message'] = "Password anda salah";
            }
        }

        // Convert the data to JSON
        $json = json_encode($response, JSON_PRETTY_PRINT);

        // Print
        echo $json;
    }
}

@thephpexpert, you missed the point with your post -

  1. It doesn’t teach the OP anything by doing their assignment for them.
  2. It is worse than the original because it is no longer using a prepared query.
  3. Doesn’t run at all because it added a php syntax error.
  4. Contains error handling that will help a hacker.
  5. Doesn’t address any of the other existing problems in the poorly written code.

The code works fine. It's almost a 1:1 conversion of his code.
I'd say it's pretty much self-explanatory; I didn't expect the need to explain in detail, but for your benefit:

To connect to db

$mysqli = new mysqli("localhost","your_username","your_password","your_database");

To check if connection failed

if ($mysqli -> connect_errno) {
    echo "Failed to connect to MySQL because of this error: " . $mysqli -> connect_error;
    exit();
}

To do the query and get a record

$userQuery= "SELECT * FROM user where username ='$username'";
if ($result = $mysqli -> query($userQuery)) {
    $obj = $result -> fetch_object();

Everything else is the same, with the exception of $query, which holds the data, being renamed to $obj.

If you are having issues running the code, please let me know your error code and details of the error.

You are correct about point 5; my aim was just to satisfy his request without a complete refactor of the code base. Perhaps you can do the recommendations etc.

The more content for him the better :slight_smile:
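
The connect, check and query steps discussed in the posts above, written with mysqli while keeping the prepared statement of the PDO original and sending error details to the server log instead of the response. This is an added example, not code from any poster in the thread; `findUser`, `login` and the 'Internal error' message are hypothetical, and the credentials are the same placeholders used in the thread.

```php
<?php
// Added example, not code from the thread. Assumes the `user` table used in
// the posts above (id, username, password, name, email) and placeholder credentials.

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: fetch one user row, or null when the name is unknown.
function findUser(mysqli $db, string $username): ?array
{
    // The ? placeholder keeps the input out of the SQL text, like the PDO original.
    $stmt = $db->prepare('SELECT id, username, password, name, email FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Hypothetical helper: build the same response array as the original script.
function login(mysqli $db, string $username, string $password): array
{
    $user = findUser($db, $username);
    if ($user === null) {
        return ['status' => false, 'message' => 'Username Tidak Terdaftar'];
    }
    // MD5 is kept only so rows written by the thread's code still match;
    // hash_equals() compares in constant time.
    if (!hash_equals((string) $user['password'], md5($password))) {
        return ['status' => false, 'message' => 'Password anda salah'];
    }
    return ['status' => true, 'message' => 'Login Berhasil', 'data' => [
        'user_id' => $user['id'], 'username' => $user['username'],
        'name' => $user['name'], 'email' => $user['email'],
    ]];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: application/json');
    try {
        $db = new mysqli('localhost', 'your_username', 'your_password', 'your_database');
        $response = login($db, (string) filter_input(INPUT_POST, 'username'),
                          (string) filter_input(INPUT_POST, 'password'));
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // connection and query details stay in the server log
        http_response_code(500);
        $response = ['status' => false, 'message' => 'Internal error']; // constructed message
    }
    echo json_encode($response, JSON_PRETTY_PRINT);
}
```

For new accounts, PHP's `password_hash()` and `password_verify()` replace the MD5 comparison; existing MD5 rows would need to be rehashed at the next successful login.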
