I am trying to make a page to change a password in the database. I made the form and this is the PHP code :
if(isset($_POST['btn-newpass']))
{
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));
$password_new = md5(strip_tags($_POST['password_new']));
$password_new_conf = md5(strip_tags($_POST['password_new_conf']));
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'");
if(!$password_in_db)
{ echo "The entered username doesn't exist";}
elseif($password!=$password_in_db)
{ echo "The current password is wrong";}
if($password_new == $password_new_conf)
{$sql = mysqli_query("UPDATE utilizatori SET password='$password_new' WHERE username='$username'");}
if($sql)
{ echo "Changed successfully!";}
else
{ echo "The passwords do not match";}
}
When I try to change a password I get the following errors:
Warning: mysqli_query() expects at least 2 parameters, 1 given in A:\XAMPP\htdocs\testing\change_password.php on line 10
The entered username doesn't exist
Warning: mysqli_query() expects at least 2 parameters, 1 given in A:\XAMPP\htdocs\testing\change_password.php on line 18
Passwords do not match
In connection.php I have the following code:
class Database
{
private $host = "localhost";
private $db_name = "atlx";
private $username = "root";
private $password = "";
public $conn;
public function dbConnection()
{
$this->conn = null;
try
{
$this->conn = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->db_name, $this->username, $this->password);
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $exception)
{
echo "Connection error: " . $exception->getMessage();
}
return $this->conn;
}
}
Could somebody point me out what is wrong here?
EDIT:
I realised the connection to the database is done using PDO. How can I convert the PHP code to work with PDO?
In the mysqli_query you have to pass the connection variable to for executing
Replace
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'")
With
$password_in_db= mysqli_query($con,"SELECT password FROM utilizatori WHERE username='".$username."'")
mysqli_query($Database->dbConnection(),"SELECT password FROM utilizatori WHERE username='$username'");
As mysqli_query expects parameter 1 to be connection object.
Replace
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'")
With
$conn = new Database;
$password_in_db= mysqli_query($conn->dbConnection(),"SELECT password FROM utilizatori WHERE username='".$username."'")
OR
$password_in_db= mysql_query("SELECT password FROM utilizatori WHERE username='".$username."'")
Since, You are using PDO for database connection why are you using mysqli_ to perform database query. Learn more about PDO
http://php.net/manual/en/book.pdo.php
on how to perform database query using it. OR learn how to make DB connection using mysqli
http://php.net/manual/en/book.mysqli.php
For your answer if you need to perform mysqli_query you need to add your Database connection in first parameter.
mysqli_query($dblink, "SELECT * FROM City")
Your Re-Written code should be like this
if(isset($_POST['btn-newpass']))
{
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));
$password_new = md5(strip_tags($_POST['password_new']));
$password_new_conf = md5(strip_tags($_POST['password_new_conf']));
$password_in_db= mysql_query("SELECT password FROM utilizatori WHERE username='".$username."'")
if(!$password_in_db)
{ echo "The entered username doesn't exist";}
elseif($password!=$password_in_db)
{ echo "The current password is wrong";}
if($password_new == $password_new_conf)
{$sql = mysqli_query("UPDATE utilizatori SET password='$password_new' WHERE username='$username'");}
if($sql)
{ echo "Changed successfully!";}
else
{ echo "The passwords do not match";}
}
You can learn more about PDO in this link