I have an Index.php which has a form for fetching user details. When that form is submitted, it sends the data to program.php for validation. In program.php I've linked db.php, which holds the connection to the database. The code of db.php is given below:
<?php
$link=mysql_connect('localhost', 'root', '') or die ("mysql_connect_error()");
$dbselect=mysql_select_db('test',$link) or die ("Error while connecting the database");
?>
Since SQL injections are possible when using it this way, I tried changing it to the code given below:
<?php
$hostname='localhost';
$username='root';
$password='';
try
{
    $dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
    $dbh = null;
}
catch(PDOException $e)
{
    echo $e->getMessage();
}
?>
But I am getting an error when I submit the form. Inside my program.php I have called db.php by include "db.php";. Since I am new to PDO, I am not sure where I am going wrong.
Updated program.php code
<?php
if($_POST)
{
    include "link_db.php";
    if ($_POST[admin_sign_up])
    {
        $fname=$_POST[fname];
        $lname=$_POST[lname];
        $id =$_POST[id];
        $id_pass=$_POST[id_pass];
        $sql="insert into admin_database(fname, lname, id, id_pass)
        value ('$fname','$lname','$id','$id_pass')";
        mysql_query($sql);
        $error=mysql_error();
        if(empty($error))
        {
            echo "<script>alert('Registration Successful...')</script>";
            header("Location:index.php",true);
        }
        else
        {
            echo "Registration Failed...<br> Email Id already in use<br>";
            echo "<a href='failed.php'>Click to SignUp again</a>";
        }
    }
    if ($_POST[admin_login])
    {
        $id =$_POST[id];
        $id_pass=$_POST[id_pass];
        $sql="select * from admin_database where id = '$id' and id_pass= '$id_pass'";
        $result=mysql_query($sql);
        echo mysql_error();
        $row=mysql_fetch_array($result);
        $rowcnt=mysql_num_rows($result);
        if($rowcnt==1)
        {
            session_start();
            $_SESSION['id']=$id;
            $_SESSION['fname']=$row['fname'];
            $_SESSION['lname']=$row['lname'];
            $_SESSION['varn']="Y";
            echo "Login Successfully....";
            header("Location:home.php",true);
        }
        else
        {
            $id =$_POST[id];
            $id_pass=$_POST[id_pass];
            $sql="insert into adminfailure(id, id_pass, date_time)
            value ('$id','$id_pass',NOW())";
            mysql_query($sql);
            $error=mysql_error();
            if(empty($error))
            {
                Echo "Invalid Login ID or Password....";
                header("Location:fail.php",true);
            }
            else
            {
                echo "incorrect details";
            }
        }
    }
    if ($_POST[logout])
    {
        header("location:destroy.php",true);
    }
}
?>
Updated Errors which I get
Notice: Use of undefined constant test_sign_up - assumed 'test_sign_up' in B:\XAMPP\htdocs\test\program.php on line 6
Notice: Undefined index: test_sign_up in B:\XAMPP\htdocs\test\program.php on line 6
Notice: Use of undefined constant test_login - assumed 'test_login' in B:\XAMPP\htdocs\test\program.php on line 32
Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 35
Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 36
No database selected
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 41
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 42
Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 56
Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 57
incorrect details
Notice: Use of undefined constant logout - assumed 'logout' in B:\XAMPP\htdocs\test\program.php on line 73
Notice: Undefined index: logout in B:\XAMPP\htdocs\test\program.php on line 73
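As an added example (not part of the original post): a PDO version of the connection, sign-up and login steps from the question, with the handle kept open, array keys quoted and values bound through prepared statements. It assumes an in-memory SQLite database in place of MySQL so it runs offline, a hashed id_pass column, and the function names connect, signUp and login, none of which come from the post.

```php
<?php
// Added example, not the poster's code. Assumption: SQLite in memory stands in
// for MySQL; on the page's setup the DSN would be "mysql:host=localhost;dbname=test".
function connect(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $dbh; // keep the handle: assigning null here would close the connection
}

// Sign-up: values are bound as parameters, never spliced into the SQL text.
function signUp(PDO $dbh, array $post): void
{
    $stmt = $dbh->prepare(
        'INSERT INTO admin_database (fname, lname, id, id_pass) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([
        $post['fname'], $post['lname'], $post['id'],
        password_hash($post['id_pass'], PASSWORD_DEFAULT), // store a hash, not the password
    ]);
}

// Login: fetch the row by id only, then check the password against the stored hash.
function login(PDO $dbh, array $post): ?array
{
    $stmt = $dbh->prepare('SELECT fname, lname, id_pass FROM admin_database WHERE id = ?');
    $stmt->execute([$post['id'] ?? '']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($post['id_pass'] ?? '', $row['id_pass'])) {
        return null; // unknown id or wrong password: same answer either way
    }
    return ['fname' => $row['fname'], 'lname' => $row['lname']];
}

// Constructed sample data (hypothetical values). The apostrophe in the last
// name would break the string-built INSERT; as a bound value it is plain data.
$dbh = connect();
$dbh->exec('CREATE TABLE admin_database
            (fname TEXT, lname TEXT, id TEXT PRIMARY KEY, id_pass TEXT)');
signUp($dbh, ['fname' => 'Ada', 'lname' => "O'Neil",
              'id' => 'ada@example.com', 'id_pass' => 's3cret-pass']);

$good = login($dbh, ['id' => 'ada@example.com', 'id_pass' => 's3cret-pass']);
$bad  = login($dbh, ['id' => 'ada@example.com', 'id_pass' => 'wrong']);
var_dump($good, $bad);
```

The mysql_* functions cannot use a PDO handle, so every query in program.php has to go through the same $dbh object for the connection made in db.php to take effect.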