is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Calculating a rating by adding number of points and dividing by number of items
I have a site that users can post links to files to download. They can rate these files on a 1-5 sca
Character Set Setup
Whats the best character set to use if you want every character to work, and also how do you make yo
IIS on 2003 anon access disabled issue
I have an IIS server that belongs to a domain, and anonymous access is turned off for all my sites.
SAP Project Module
I have seen in the SAP Project Module,plan cost and budget are not equal and even difference is sign
Simple MySQL query...
Hello,
How could I do a mysql query that does this: SELECT * WHERE date/time < 5minutes ag
Join Query Help
Hi all,
I am having problems with the below code, which we shall call 'my first join query'!
Inserting a variable in a link
I have this code that I want to insert for my own variable but I have no idea how. This is what I wa
Accept only alpha characters
I've got this bit of code ready for accepting a phrase:
Code: if (!eregi ("", $_POS
Pop-up Banner
Hello Friends,I need to use banner in our client site.Example: www.example.com if i enter this site
registration form
first time posting. did some searches but didnt find exactly what i am looking for. dont flame cause