is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Strange array issue, never happened before.
mysql_fetch_array returns 1 array per call. Generally that's why it is inserted into a while statem
help with calculations on a flat text file
hello,
I have this code below that is attached to a flat file like this:
Email:LastName:FirstN
Check premium expire
Hi,
I am making a simple file hosting site and want to check if users premium subscriptions h
[newb] Image hosting help.
Hey there, I'm new to php, I know some basics and i can code PWN, I'm only 14 but I'm interested in
session_destroy();
new to php
I have a simple login and am trying to write a logout.
I set a $_SESSION var to 1 i
pointer 102 question
I read a book
1
2
3
4
5
6
7
8
9
10
11
12
int main()
{
urldecode question
How would I format this line of code properly?
<?php echo urldecode($_GET['Title']); ?
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
what is wrong with this
Code: [Select]<?php
if ($_SERVER['HTTP_REFERER'])
{
Beginners syntax and loop questions - help please!
Hi everyone,
I have some problems with php code. I'm currently in the middle of learning php,
convert static html data into dynamic
hi all
i need to convert a website which has static above 2000 articles into dynamic and add