Another newbie here. I'm trying to fix the code below to prevent SQL injection and learn the new way of writing PHP and SQL.
Your kind advice would be greatly appreciated.
Here is some example code on how to use PDO and prepared statements:
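// Connect through PDO; replace the DSN values and credentials with your own
$dbh = new PDO('mysql:host=hostname_or_ip;dbname=name_of_database', 'username', 'password');
// Named placeholders keep user input out of the SQL text
$stmt = $dbh->prepare("SELECT * FROM users WHERE id = :id AND pswd = :password");
// Bound values are treated as data, never as SQL
$stmt->bindValue('id', $id);
$stmt->bindValue('password', $password);
if ($stmt->execute()) {
    // fetchObject() returns false when no row matched
    if ($user = $stmt->fetchObject()) {
        // here you go
    }
}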
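A side-by-side comparison of a concatenated query and the prepared-statement approach from the answer above, as an added example that is not part of the original post. It assumes an in-memory SQLite database (pdo_sqlite) with constructed data; the function names are hypothetical, and storing a `password_hash()` value and checking it with `password_verify()` goes beyond the answer's code.

```php
<?php
// Added example with constructed data; in-memory SQLite (pdo_sqlite) so it runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // raise exceptions on SQL errors
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.

$dbh->exec('CREATE TABLE users (id TEXT PRIMARY KEY, pswd TEXT NOT NULL)');
$ins = $dbh->prepare('INSERT INTO users (id, pswd) VALUES (:id, :pswd)');
$ins->execute([':id' => 'alice', ':pswd' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical "before": input is concatenated into the SQL text,
// so a quote in the input ends the string literal and changes the query.
function loginConcatenated(PDO $dbh, string $id, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE id = '$id' AND pswd = '$password'";
    return (int) $dbh->query($sql)->fetchColumn() > 0;
}

// Hypothetical "after": the id is bound as data and the hash is checked in PHP,
// so the password never appears in the SQL statement at all.
function loginPrepared(PDO $dbh, string $id, string $password): bool
{
    $stmt = $dbh->prepare('SELECT pswd FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $hash = $stmt->fetchColumn();            // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

$tautology = "' OR '1'='1";                  // constructed test input

// Same input, two query styles: compare the results.
var_dump(loginConcatenated($dbh, 'alice', $tautology));
var_dump(loginPrepared($dbh, 'alice', $tautology));
var_dump(loginPrepared($dbh, $tautology, 'anything'));
var_dump(loginPrepared($dbh, 'alice', 'correct horse'));
```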