I'm switching from MySQL to PDO and I'm unsure if this query is correct.. would I still be required to write the if command.
public function User_Login($_iUsername,$_iPassword) {
$username=mysql_real_escape_string($_iUsername);
$password=mysql_real_escape_string($password);
$md5_password=md5($_iPassword);
$query=mysql_query("SELECT _iD FROM users WHERE _iUsername='$_iUsername' and _iPassword='$md5_password' AND _iStatus='1'");
if( mysql_num_rows( $query ) == 1 ) {
$row = mysql_fetch_array( $query );
return $row['_iD'];
} else {
return false;
}
}
TO
public function User_Login($_iUsername,$_iPassword) {
$md5_password = md5($_iPassword);
$sth = $db->prepare("SELECT _iD FROM users WHERE _iUsername='$_iUsername' and _iPassword='$md5_password' AND _iStatus='1'");
$sth->execute();
$result = $sth->fetchAll();
}