dbconnect php

1. <?php
2. $server_addr="localhost";
3. $server_user="root";
4. $server_pass="";
5. $dbname="injection";
6.  
7. function dbconnect(){
8. $conn= new mysqli($GLOBALS['server_addr'],$GLOBALS['server_user'],$GLOBALS['server_pass'],$GLOBALS['dbname']);
9. if ($conn->connect_errno){
10. return False;
11. }
12. else{
13. return $conn;
14. }
15. }
16.  
17. function statementop($db,$username,$password){
18. #return "I" if injection is detected
19. #return "S" if successfull
20. #return "F" if user not found
21.  
22. $statement=$db->prepare("SELECT username,password FROM users WHERE username=? AND password=?;");
23. $statement->bind_param("ss",$username,$password);
24. $statement->execute();
25. $result = $statement->get_result();
26. if($result){
27. while ($row = $result->fetch_array(MYSQLI_ASSOC))
28. {
29. if($row["username"]==$username && $row["password"]==$password){
30. return "S";
31. }
32. else{
33. return "F";
34. }
35. }
36. }
37. $result->free();
38. $statement->close();
39. /*if(is_null($result)){
40. return "S";
41. }
42. else{
43. return "F";
44. }
45. }*/
46. $statement->close();
47. }
48. ?>