$query = sqlsrv_query("select * from sessions where password='$password' AND username='$username'");
$rows = sqlsrv_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
$error = "Username or Password is invalid";
}
Hi, I have this code but it's written in mysql and I want it to work in sqlserver so I changed mysql_query into sqlsrv_query and it didn't work properly, and I changed mysql_num_rows into sqlsrv_num_rows and it didn't work either so can anyone help me and tell me how to write them please?
You are missing the connection parameter to sqlsrv_query. While you're at it, you might as well use bind variables instead of string substitution to help guard against SQL-Injection attacks.
$serverName = "serverName\instancename";
$connectionInfo =
array( "Database"=>"dbName", "UID"=>"username", "PWD"=>"password" );
$conn = sqlsrv_connect( $serverName, $connectionInfo);
$params = array($username, $password);
$stmt = sqlsrv_query
($conn,
'select * from sessions where password=? AND username=?',
$params);