<?php //Remove any potentially dangerous characters from inputs. function sanatise_input($input) { return htmlspecialchars(stripslashes(trim($input))); } //Convert username to lowercase only to avoid duplicate keys. $username = strtolower(sanatise_input($_POST["username"])); $password = sanatise_input($_POST["password"]); $fname = sanatise_input($_POST["fname"]); $sname = sanatise_input($_POST["sname"]); $course = sanatise_input($_POST["course"]); //database accepts format: 2011-01-12 00:00:00 list($month, $year) = explode("-", $_POST["yearstarted"]); while (strlen($year) < 4) { //Assumes all users started after the year 2000. $year = "20" . $year; } while (strlen($month) < 2) { $month = "0" . $year; } $yearstarted = $year . "-" . $month . "-" . "01 00:00:00"; $error = ""; require_once "dbsettings.php"; //connection info $conn = @mysqli_connect("fdb14.biz.nf", "1971863_student", "swinedc123", "1971863_student"); // Checks if connection is successful if (!$conn) { // Displays an error message echo "<p>Database connection failure</p>";
<?php session_start(); //Remove any potentially dangerous characters from inputs. function sanatise_input($input) { return htmlspecialchars(stripslashes(trim($input))); } $username = sanatise_input($_POST["username"]); $password = sanatise_input($_POST["password"]); $_SESSION['sessionuser'] = $username; $error = ""; $usernamefound = false; $passwordmatch = false; require_once "dbsettings.php"; //connection info $conn = @mysqli_connect("fdb14.biz.nf", "1971863_student", "swinedc123", "1971863_student"); // Checks if connection is successful if (!$conn) { // Displays an error message echo "<p>Database connection failure</p>"; // not in production script } else { // Upon successful connection // Set up the SQL command to add the data into the table $query = "select username, password FROM user"; // execute the query and store result into the result pointer $result = mysqli_query($conn, $query); // checks if the execution was successful if (!$result) { echo "<p>Something is wrong with ", $query, "</p>";