How would I or should I convert this to PDO?

<?php session_start(); if (!isset($_SESSION['admin_admin'])) { if (isset($_POST['submit'])) { $admin = trim(stripslashes($_POST['admin'])); $password = trim(stripslashes($_POST['password'])); if (empty($admin) || !ctype_alpha($admin) || empty($password) || !ctype_alnum($password)) { $error = 'ERROR: Please fill in all required fields!'; renderForm($error); exit; } else { include 'lib.php'; $link = opendb(); $query = sprintf( 'SELECT * ' . 'FROM sp_users ' . 'WHERE username="%s" AND password="%s"', mysql_real_escape_string($admin), mysql_real_escape_string(md5($password)) ); $result = mysql_query($query); if ($result === false) exit('Error Validating User');

$password = md5($password);

$query = $db->prepare(“SELECT * FROM sp_users WHERE id=(?) AND name=(?)”);
$query ->bindValue(1, $admin, PDO::PARAM_STR);
$query ->bindValue(2, $password , PDO::PARAM_STR);
$query ->execute();
$rows = $query ->fetchAll(PDO::FETCH_ASSOC);
$colcount = $query ->columnCount();
if ($colcount == 0){
echo “something is wrong”;
else {
echo “success”;

But if you want fully PDO functioning system you may want to update your database connection function to PDO too.

Happy Codding :smiley:

AnjanaWijesundara, you’re a bit mixed up there aren’t you?
Starting off using mysql_ then mysqli_ and ending with PDO

@Mittineague , Off course i am… I made a mistake in my first post and i just update it. I copy the gregs coding there.That’s where i made mistake. but i guess now it’s up to the point. ay ? thanks for the reply

Generally speaking, you have two options when upgrading from the original MySQL API: MySQLi or PDO. (No one really uses ADOdb anymore since it provides the same functionality as PDO by being an abstraction layer, but comes with the performance penalty of being written in PHP rather than C.)

Which extension you choose to upgrade to is up to you. There’s both benefits and drawbacks to each, with PDOs most advocated advantage being the ability to change your underlying database from MySQL to another similar relational database (rather than trying to create your own abstract factory of driver-specific APIs in PHP - what ADOdb did).

It shouldn’t be difficult to upgrade to either extension, though I’d definitely suggest playing around with the APIs exposed by both PDO and MySQLi (along with their more advance features not present in the original MYSQL extension - like prepared statements and transactions) before migrating your codebase over.

  1. There’s no point in escaping an MD5 hash as that can never contain characters wiich can be confused with anything else.

  2. You really ought to use a more secure hashing mechanism for your passwords - such as the one provided by the PHP password class built into PHP 5.5 (and which can be easily added to PHP 5.3).

Thanks for all the help, everyone. It is appreciated. PDO seems daunting.

I don’t have PHP 5.5. I have 5.4.9.

If I upgrade to PhP 5.5, will it work with Apache 2.4 ?

Yes, PHP 5.5 will work just fine with Apache 2.4. Just make sure your production server has at least 5.5 on it before using any specific 5.5 features.

PDO is different but once you get a few queries and updates done then you will never look back. Here is another version which uses named parameters instead of ? place holders and bind statements.

$dsn = sprintf('%s:host=%s;dbname=%s','mysql','localhost','databaseName');

$pdo = new \PDO($dsn,'databaseUser','databaseUserPassword');

$stmt = $pdo->prepare("SELECT * FROM sp_users WHERE username = :username AND password = :password");

    'username' => $_POST['admin'], 
    'password' => md5($_POST['password'])

$rows = $stmt->fetchAll();

if (count($rows) != 1) die('user not found');

$user = $rows[0];


You can actually run a file with this sort of code directly from the command line which makes experimenting with it much easier than going though a browser.

with a bit of applied logic, that can be simplified further

// starting after the execute() method

// username should really be a PK, so if you have no result,
// it simply returns false
$row = $stmt->fetch();

if (!$row) {
    throw new Exception('User not found.');

Back again, but this time I am working on the database connection. I have this file called CONFIG.PHP

<?PHP $dbsettings = Array( "server" => "localhost", "user" => "", "pass" => "", "name" => "sports", "prefix" => "sp", "secretword" => ""); ?>

It is called used in an INCLUDE file:

function opendb() {

include 'config.php';

// $link = mysql_connect($server, $user, $pass) or die(mysql_error());
$link = new PDO(‘mysql:host=localhost;dbname=sports;charset=utf8’, $user, $pass);
// mysql_select_db($name) or die(mysql_error());
return $link;


I tried the new PDO link, but get the errors:
Warning: mysql_query(): Access denied for user ‘’@‘localhost’ (using password: NO) in
Warning: mysql_query(): A link to the server could not be established in

I just can’t find enough information on the internet about PDO to change my old WORKING code.
Thanks for any help.

If you’ve not got PHP version 5.5 or higher installed, have a look at it’s a forwards compatible library for dealing with password hashes, once you’ve migrated at some point over to PHP version 5.5 or higher you can migrate over to using the native password hashing functions.

Can you please post the whole of the script where you’re getting them errors?

That SitePoint article might be of help to you with the migration from the old mysql_* library over to PDO

It almost seems like you are trying to use mysql_query functions with a pdo connection? That won’t work well.

Take a look at post #8. Spend some time learning the basics of pdo and getting a few queries and updates to work. Work from a command line if possible. Then tackle upgrading your legacy application.