Update signin.php

E-Commerce Full Website Using PHP/inc/connect.inc.php

@@ -1,4 +1,3 @@
 <?php 
-	mysql_connect("localhost","root","") or die("Couldn't connet to SQL server");
-	mysql_select_db("ebuybd") or die("Couldn'ttt select DB");
-?>
+	$conn = new mysqli("localhost","root","", "ebuybd");
+?>

E-Commerce Full Website Using PHP/login.php

@@ -1,6 +1,6 @@
-<?php include ( "inc/connect.inc.php" ); ?>
-<?php session_start(); ?>
-<?php
+<?php 
+include ( "inc/connect.inc.php" );
+session_start();
 ob_start();
 if (!isset($_SESSION['user_login'])) {
 }
@@ -11,21 +11,24 @@
 $passs = "";
 if (isset($_POST['login'])) {
 	if (isset($_POST['email']) && isset($_POST['password'])) {
-		$user_login = mysql_real_escape_string($_POST['email']);
+		$user_login = $conn_real_escape_string($_POST['email']);
 		$user_login = mb_convert_case($user_login, MB_CASE_LOWER, "UTF-8");	
-		$password_login = mysql_real_escape_string($_POST['password']);		
+		$password_login = $conn->real_escape_string($_POST['password']);		
 		$num = 0;
 		$password_login_md5 = md5($password_login);
-		$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");
-		$num = mysql_num_rows($result);
-		$get_user_email = mysql_fetch_assoc($result);
+		$true = "yes"; 
+		$sql = $conn->prepare("SELECT * FROM user WHERE email=? AND password=? AND activation=?");
+		$sql->bind_param("sss", $email, $password_login_md5, $true);
+		$sql->execute(); 
+		$result = $sql->get_result();
+		$num = $result->num_rows;
+		$get_user_email = $result->fetch_assoc();
 			$get_user_uname_db = $get_user_email['id'];
 		if ($num>0) {
-			$_SESSION['user_login'] = $get_user_uname_db;
 			setcookie('user_login', $user_login, time() + (365 * 24 * 60 * 60), "/");
 
 			if (isset($_REQUEST['ono'])) {
-				$ono = mysql_real_escape_string($_REQUEST['ono']);
+				$ono = $conn->real_escape_string($_REQUEST['ono']);
 				header("location: orderform.php?poid=".$ono."");
 			}else {
 				header('location: index.php');
@@ -68,7 +71,8 @@
 			$get_user_uname_db = $get_user_email['id'];
 			$_SESSION['user_login'] = $get_user_uname_db;
 			setcookie('user_login', $user_login, time() + (365 * 24 * 60 * 60), "/");
-			mysql_query("UPDATE user SET confirmCode='0', activation='yes' WHERE email='$user_login'");
+			$upd = $conn->prepare("UPDATE user SET confirmCode=?, activation=? WHERE email=?");$upd->bind_param("iss", $one, $true, $user_login);
+
 			if (isset($_REQUEST['ono'])) {
 				$ono = mysql_real_escape_string($_REQUEST['ono']);
 				header("location: orderform.php?poid=".$ono."");

E-Commerce Full Website Using PHP/signin.php

@@ -64,8 +64,11 @@
 		// Check if email already exists
 
 		$check = 0;
-		$e_check = mysql_query("SELECT email FROM `user` WHERE email='$u_email'");
-		$email_check = mysql_num_rows($e_check);
+		$stmt = $conn->prepare("SELECT email FROM `user` WHERE email=?"); 
+		$stmt->bind_param("s", $u_email); 
+		$stmt->execute(); 
+		$e_check = $stmt->get_result();
+		$email_check = $e_check->num_rows;
 		if (strlen($_POST['first_name']) >2 && strlen($_POST['first_name']) <16 ) {
 			if ($check == 0 ) {
 				if ($email_check == 0) {
@@ -87,7 +90,7 @@
 						";
 						if (@mail($_POST['email'],"eBuyBD Activation Code",$msg, "From:eBuyBD <no-reply@ebuybd.xyz>")) {
 
-						$result = mysql_query("INSERT INTO user (firstName,lastName,email,mobile,address,password,confirmCode) VALUES ('$_POST[first_name]','$_POST[last_name]','$_POST[email]','$_POST[mobile]','$_POST[signupaddress]','$_POST[password]','$confirmCode')");
+						$result = $conn->query("INSERT INTO user (firstName,lastName,email,mobile,address,password,confirmCode) VALUES ('$_POST[first_name]','$_POST[last_name]','$_POST[email]','$_POST[mobile]','$_POST[signupaddress]','$_POST[password]','$confirmCode')");
 
 						//success message
 						$success_message = '