is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
DOMDocument parsing
Hello, I am parsing an xml file from an API which I have converted into a DOMDocument in php. This i
Calender Not Opening
The following code is not loading the javascript calender in another window. It's not doing anything
PHP time (deadline within one week)
I have a column ['projdue'], which stores the deadline for a project.
I have PHP code and <
Access database inside of a validation class
Hello,
For quite some time, I have been using functions to validate form input and access the
Simple MySQL query...
Hello,
How could I do a mysql query that does this: SELECT * WHERE date/time < 5minutes ag
PHP IMAGE UPLOAD SCRIPT
Hi for the last week i have been looking for scripts that will upload a photo to a certain folder wh
UDS 4.0 Datatype issue
UDS 4.0.322 -- connecting to NI Labview 9.0
When using connection method: Cache with live
PHP Code To Change Font Color in Table Cell
I would appreciate help with the following snippet of my php code. I am just trying to change the f
rand() function
just a general question guys a girls, is the rand() function 100% random or is it based on time?
storing video files into mysql in php
hi
i have my video files in my folder ,
i have to store the path of the videos into db an
