is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
getting a website's source code as a variable? How?
Hey guys, is there any way for me to get the source code of a website as a variable for me to work w
Preg_match unknown modifyer
Hello,
Im trying to write a little script for my forums i need to get the reply from my forum
Scheduler problems related to execution of a single BLT by many schedules
Hello all,
We are running several MII instances in a distibuted architecture using a sing
question about stripslashes and real_escape_string
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I hav
Email "$"
Hello!!
Any PHP guy with a bit of a knowledge in Flash ?
When I send a JPEG from flash
script is pulling more then they have....
I have this script for my game where they can change there race. This will cost them 2,500 points. H
Strip Slashes Help
I've got a script that i've downloaded of the net to edit multiple fields from my sql database, and
Random date selection
i want to select random date with time(hour+minutes+sec) where date is specified(10/22/2009) and tim
$variable = $variable
Hello
Sorry if this is a really simple question but I have run out of ideas. Is there a reall
Sharing PHP Sessions Across Domains
I am in the process of writing a script to share a php session across various domains I have.
The
