is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

Calculating a rating by adding number of points and dividing by number of items
I have a site that users can post links to files to download. They can rate these files on a 1-5 sca

Character Set Setup
Whats the best character set to use if you want every character to work, and also how do you make yo

IIS on 2003 anon access disabled issue
I have an IIS server that belongs to a domain, and anonymous access is turned off for all my sites.

SAP Project Module
I have seen in the SAP Project Module,plan cost and budget are not equal and even difference is sign

Simple MySQL query...
Hello,
How could I do a mysql query that does this: SELECT * WHERE date/time < 5minutes ag

Join Query Help
Hi all,

I am having problems with the below code, which we shall call 'my first join query'!

Inserting a variable in a link
I have this code that I want to insert for my own variable but I have no idea how. This is what I wa

Accept only alpha characters
I've got this bit of code ready for accepting a phrase:

Code: if (!eregi ("", $_POS

Pop-up Banner
Hello Friends,I need to use banner in our client site.Example: www.example.com if i enter this site

registration form
first time posting. did some searches but didnt find exactly what i am looking for. dont flame cause

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash