Convert from mysqli to PDO

I have a problem using PDO to create a SESSION. This is my mysqli code to create a SESSION, which did not have any problem.

    if (isset($_POST['submit'])) 
    {
        $idno = trim(addslashes($_POST['idno']));
        $password = trim(addslashes($_POST['password']));

        if ($idno != '' && $password != '') 
        {
            include ("includes/db.php");

            $sql1 = "SELECT member_id, member_level, member_status FROM member
                    WHERE member_id = '$idno' AND member_pass = '$password'";
            // mysqli_error() needs the connection; the mysqli constant is MYSQLI_ASSOC
            $result1 = mysqli_query($con,$sql1) or die('Query failed. ' . mysqli_error($con));
            $row1 = mysqli_fetch_array($result1, MYSQLI_ASSOC);

            $sql2 = "SELECT advisor_id, advisor_status FROM advisor
                    WHERE advisor_id = '$idno' AND advisor_pass = '$password'";
            $result2 = mysqli_query($con,$sql2) or die('Query failed. ' . mysqli_error($con));
            $row2 = mysqli_fetch_array($result2, MYSQLI_ASSOC);

            $sql3 = "SELECT mpp_id, mpp_status FROM mpp
                    WHERE mpp_id = '$idno' AND mpp_pass = '$password'";
            $result3 = mysqli_query($con,$sql3) or die('Query failed. ' . mysqli_error($con));
            $row3 = mysqli_fetch_array($result3, MYSQLI_ASSOC);

            $sql4 = "SELECT hep_id FROM hep
                    WHERE hep_id = '$idno' AND hep_pass = '$password'";
            $result4 = mysqli_query($con,$sql4) or die('Query failed. ' . mysqli_error($con));
            $row4 = mysqli_fetch_array($result4, MYSQLI_ASSOC);


            if (mysqli_num_rows($result1) == 1) 
            {   
                $_SESSION['idno'] = $row1['member_id'];
                $_SESSION['level'] = $row1['member_level'];
                $status=$row1['member_status'];

                if($status == 'Active') 
                {   
                    if($_SESSION['level'] =='1')
                    {
                        echo("<SCRIPT language='javascript'> 
                        window.alert('Login Successful, Welcome Club Member!!');
                        window.location='~/../member/index.php?member_id=$idno' ; 
                        </SCRIPT>");
                    }   

                    else if($_SESSION['level'] =='2')
                    {
                        echo("<SCRIPT language='javascript'> 
                        window.alert('Login Successful, Welcome Committee!!');
                        window.location='~/../committee/index.php?member_id=$idno' ; 
                        </SCRIPT>");
                    }
                }
                else
                { echo("<SCRIPT language='javascript'> 
                        window.alert('Login Unsuccessful, Your status is currently inactive!!');

                        </SCRIPT>");} 
            }

            else if(mysqli_num_rows($result2) == 1)
            {   
                $_SESSION['idno'] = $row2['advisor_id'];
                $status=$row2['advisor_status'];
                if($status == 'Active') 
                {

                    echo("<SCRIPT language='javascript'> 
                    window.alert('Login Successful, Welcome Advisor!!!');
                    window.location='~/../clubadvisor/index.php'; 
                    </SCRIPT>");

                }
                else
                {echo("<SCRIPT language='javascript'> 
                        window.alert('Login Unsuccessful, Your status is currently inactive!!');

                        </SCRIPT>");}
                }
            else if(mysqli_num_rows($result3) == 1)
            {   
                $_SESSION['idno'] = $row3['mpp_id'];
                $status=$row3['mpp_status'];
                if($status == 'Active')
                {echo("<SCRIPT language='javascript'> 
                    window.alert('Login Successful, Welcome MPP!!!');
                    window.location='~/../mpp/index.php?mpp_id=$idno'; 
                    </SCRIPT>");

            }
            else
                {echo("<SCRIPT language='javascript'> 
                        window.alert('Login Unsuccessful, Your status is currently inactive!!');

                        </SCRIPT>");}
            }

            else if(mysqli_num_rows($result4) == 1)
            {   
                $_SESSION['idno'] = $row4['hep_id'];

                echo("<SCRIPT language='javascript'> 
                    window.alert('Login Successful, Welcome HEP Staff!!!');
                    window.location='~/../hep/index.php?hep_id=$idno'; 
                    </SCRIPT>");

            }
        }
    }

    ?>

I want to make the system more secure; that’s why I chose to use PDO rather than mysqli. But I’m too new to the PDO world because PDO has too much special syntax.

Please help me convert this code into PDO style. Even just a part of it is enough for me to learn PDO.

In order to help you, I’ll convert just one SQL query for you to learn from (don’t copy-paste).

PDO is fun and full of functions; I’m also still learning.

Also, I see that your code is not secure even with mysqli_*, because you’re not using prepared statements; you’re just binding the variable value directly inside the SQL. You really don’t have to switch to PDO; you can use prepared statements with mysqli_* as well.

But PDO is kind of global compared to mysqli_*. Anyway, here is the small help you want.

Your code:

    $sql1 = "SELECT member_id, member_level, member_status FROM member WHERE member_id = '$idno' AND member_pass = '$password'";
    $result1 = mysqli_query($con,$sql1) or die('Query failed. ' . mysqli_error($con));
    $row1 = mysqli_fetch_array($result1, MYSQLI_ASSOC);

My code:

    $sql1 = "SELECT member_id, member_level, member_status FROM member WHERE member_id = :idno AND member_pass = :password";
    $sql1Query = $con->prepare($sql1);
    // The values are bound to the placeholders instead of being pasted into the SQL string
    $sql1Query->bindParam(':idno', $_REQUEST["idno"]);
    $sql1Query->bindParam(':password', $_REQUEST["password"]);
    $sql1Query->execute();
    $sql1Row = $sql1Query->fetch(PDO::FETCH_ASSOC);

Using prepared statements will help you secure your code more, so I recommend you read more on using prepared statements.

  • PDO prepare statements
  • mysqli_* prepare statements

Use this

    // query() returns a PDOStatement to fetch from; exec() returns only a row count
    $result1 = $conn->query($sql1);

where you have

    $result1 = mysqli_query($con,$sql1);

And use

    $row1 = $result1->fetch(PDO::FETCH_ASSOC);

where you have

    $row1 = mysqli_fetch_array($result1, MYSQLI_ASSOC);

See examples here:
http://php.net/manual/en/pdostatement.fetch.php
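
The prepared-statement conversion from the first answer, carried across more than one of the role tables, as an added example that is not code from the question or from either answer. It goes one step beyond the thread by fetching the row by ID and checking the password with `password_verify()`. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL connection from `includes/db.php`, only the `member` and `advisor` tables are shown, the `*_pass` columns hold `password_hash()` output rather than the plain password, and `ROLES` and `findAccount()` are hypothetical names.

```php
<?php
// Added example. Constructed data: in-memory SQLite stands in for the
// MySQL connection that includes/db.php would create.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // replaces "or die(...)"
$con->exec("CREATE TABLE member (member_id TEXT, member_pass TEXT, member_level TEXT, member_status TEXT)");
$con->exec("CREATE TABLE advisor (advisor_id TEXT, advisor_pass TEXT, advisor_status TEXT)");
// Assumption: *_pass holds password_hash() output, not the plain password.
$ins = $con->prepare("INSERT INTO member VALUES (?, ?, ?, ?)");
$ins->execute(['M001', password_hash('pass-m', PASSWORD_DEFAULT), '2', 'Active']);
$ins = $con->prepare("INSERT INTO advisor VALUES (?, ?, ?)");
$ins->execute(['A001', password_hash('pass-a', PASSWORD_DEFAULT), 'Inactive']);

// Identifiers cannot be bound as parameters, so table and column names come
// from this fixed map, never from the request. Only values are bound.
const ROLES = [
    'member'  => ['id' => 'member_id',  'pass' => 'member_pass',  'status' => 'member_status'],
    'advisor' => ['id' => 'advisor_id', 'pass' => 'advisor_pass', 'status' => 'advisor_status'],
];

// Returns ['role' => ..., 'id' => ..., 'status' => ...] or null when no account matches.
function findAccount(PDO $con, string $idno, string $password): ?array
{
    foreach (ROLES as $table => $c) {
        $stmt = $con->prepare(
            "SELECT {$c['id']} AS id, {$c['pass']} AS hash, {$c['status']} AS status
             FROM $table WHERE {$c['id']} = :idno"
        );
        $stmt->execute([':idno' => $idno]); // the value travels separately from the SQL text
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false && password_verify($password, $row['hash'])) {
            return ['role' => $table, 'id' => $row['id'], 'status' => $row['status']];
        }
    }
    return null;
}

var_dump(findAccount($con, 'M001', 'pass-m'));       // valid member credentials
var_dump(findAccount($con, 'A001', 'pass-a'));       // valid advisor credentials, inactive account
var_dump(findAccount($con, "M001' OR '1'='1", 'x')); // constructed ID with quotes, bound as a literal value
var_dump(findAccount($con, 'M001', 'wrong'));        // wrong password
```

The caller still has to check that `status` is `'Active'` before writing `id` and `role` into `$_SESSION`, as the original login script does.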