Update the script to use PDO instead of mysql_* functions

checklogin.php

@@ -5,8 +5,15 @@
 	include_once 'config.php';
 
 	// Connect to server and select databse.
-	mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
-	mysql_select_db("$db_name")or die("cannot select DB");
+	try
+	{
+		$pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
+		$db = new PDO('mysql:host='.$host.';dbname='.$db_name.';charset=utf8', $username, $password);
+	}
+	catch(Exception $e)
+	{
+		die('Error : ' . $e->getMessage());
+	}	
 
 	// Define $myusername and $mypassword 
 	$myusername = $_POST['myusername']; 
@@ -15,16 +22,14 @@
 	// To protect MySQL injection
 	$myusername = stripslashes($myusername);
 	$mypassword = stripslashes($mypassword);
-	$myusername = mysql_real_escape_string($myusername);
-	$mypassword = mysql_real_escape_string($mypassword);
-	$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
-	$result=mysql_query($sql);
+
+	$stmt = $db->query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");
 
-	// Mysql_num_row is counting table row
-	$count=mysql_num_rows($result);
+	// rowCount() is counting table row
+	$count = $stmt->rowCount();
 
 	// If result matched $myusername and $mypassword, table row must be 1 row
-	if($count==1){
+	if($count == 1){
 
 		// Register $myusername, $mypassword and print "true"
 		echo "true";
@@ -36,5 +41,6 @@
 		//return the error message
 		echo "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Wrong Username or Password</div>";
 	}
+
 	ob_end_flush();
 ?>