Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");
session_start(); // this is the session declaration, one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); // commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
No comments posted yet

259 Like 53 Dislike
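
For comparison with the posted login script, an added example (not part of the original post) of the same check done with a PDO prepared statement and password_hash()/password_verify(), so that user input is bound as data rather than escaped into the query string. It assumes a password_hash column in place of the plaintext password column and uses an in-memory SQLite database as a stand-in for MySQL so it runs offline; the function name check_login, the account and the inputs are constructed for illustration.

```php
<?php
// Added example: parameterized login check. SQLite in memory stands in for
// MySQL so the script runs offline; the table layout is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; only a password_hash() digest is stored.
$ins = $pdo->prepare('INSERT INTO table2 (username, password_hash) VALUES (?, ?)');
$ins->execute(['derek', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the username on success, or null on failure.
 */
function check_login(PDO $pdo, $username, $password)
{
    // Reject missing fields and array-valued request parameters up front.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return null;
    }

    // The value is bound as data and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM table2 WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash instead of matching the password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Constructed inputs: a valid login, a wrong password, and a username
// containing SQL metacharacters, which is looked up as a plain string.
$cases = [
    ['derek', 'correct horse'],
    ['derek', 'wrong'],
    ["x' OR '1'='1", 'x'],
];
foreach ($cases as [$u, $p]) {
    $user = check_login($pdo, $u, $p);
    printf("%-20s => %s\n", $u, $user === null ? 'rejected' : "logged in as $user");
}
```

In the posted script, a non-null return is the point where `$_SESSION['userid']` would be set, after calling `session_regenerate_id(true)`.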