i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
Custom CMS
This is a big custom CMS script I'd like to develop and would like some help atleast figuring out where the best place to start would be.Website PagesBackstage 2 provides website pages for the
unexpected T_VARIABLE error
Hey all! I'm getting an unexpected T_VARIABLE with the following function:function getHighestParentName($id = $this->cid){ $cat = mysql_fetch_assoc(fsquery('getParentCategories', $id));
PHP Mysql Staff Induction System
Hi there, I'm pretty new to PHP and Mysql so could really do with being pointed in the right direction with this problem I have.I am trying to set up a system induct new members of staff onto their
Newb advice
Hi all,I'm a flash front end designer and I've taken on a project that needs some back end php.It's not completely greek to me as I write actionscript in flash which is an OO language.However... I
links using header()
Hi AllI'm not sure where to ask for help on this but I hope someone can offer some. I'm at the point now where I'm trying to make my website live and the problem I've come across is updating my
A rank users order by points
I want to make an insert from table 'rank' , with number (rank) from the cod blow, to fild users.rank ...set @rank := 0;select @rank:=@rank+1 'rank', users.username, users.points from users order by
Problem writing URL into database
How would I write this into the database?<?php echo "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; ?>I tried this:Code: $url =
array empty
Hiya peeps,Ok here is the codes.order.phpCode: <?php if(!isset($_POST) OR empty($_POST)) { echo
DateObject and Nulls
Hi all,I have an array mapped to a value object. One of the items in the array is a PHP DateObject, and I need to format this field appropriately.When looping through the array, I pass this field to a
Setting condidtions for an input box
Hi all,I would like to set a condition in a txt box that says the number a user enters has to be in the following format###-#-##-##Would I use PHP to do this or is it part of the HTML form?
