Converting mysql to mysqli

PHP
1

I need to convert the following connection and function from mysql to mysqli. I was reading about a conversion tool that was launched but The page where it should be doesnt exist any longer:


define('DBHOST','host');
define('DBUSER','database username');
define('DBPASS','password');
define('DBNAME','database name');

// make a connection to mysql here
$conn = @mysql_connect (localhost, user, pass);
$conn = @mysql_select_db (database);
if(!$conn){
	die( "Sorry! There seems to be a problem connecting to our database.");
}
function login($user, $pass){

   $user = strip_tags(mysql_real_escape_string($user));
   $pass = strip_tags(mysql_real_escape_string($pass));

   $pass = md5($pass);

   $sql = "SELECT id, fname, lname, username, password
           FROM users
		   WHERE username = '$user' AND password = '$pass'";

   $result = mysql_query($sql) or die('Query failed. ' . mysql_error());
   $user_data = mysql_fetch_assoc($result);



   if (mysql_num_rows($result) == 1) {
      // the username and password match,
      // set the session
	  $_SESSION['authorized'] = true;
	  $_SESSION['user'] = $user_data['fname'];
	
	  // direct to admin
      header('Location: '.DIRADMIN);
	  exit();
   } else {
	// define an error message
	$_SESSION['error'] = 'Sorry, wrong username or password';
   }
}

Can someone tell me where I can download that tool or give me some directions. Thank you in advance.

2

Can you supply details of the conversion tool broken link and any further information that you can remember.

Note to Mods, I think this thread would be better in the Database & MySql forum.

3

You could instead of migrating over to mysqli_* migrate over to PDO. This article goes through the process of conversion. PDO has the advantage of allowing the use of named parameters in the queries. Whether you migrate over to mysqli_* or PDO you should use prepared statements which will prevent SQL injection.

On a note related to your code, md5() is a very weak algorithium for hashing, it has been rainbow-tabled to death. What version of PHP are you using?

Your best bet is to use the password hashing functions (new to PHP 5.5). This way, you won’t have to specify an algorithm, a cost, or even a salt. It does it all for you, and it does it right. If you need to support versions of PHP earlier tha 5.5, then you can use this [URL=“https://github.com/ircmaxell/password_compat”]forward compatibility library.

4

‘mysqli’ is a class. Create an instance of it using the constructor.
Let’s call your object ‘$mysqli’.

Now, to convert mysql to mysqli, use the methos of ‘mysqli’, whose name is like the one from ‘mysql’, but without the ‘mysql_’ prefix…
Read about the class here.