is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Multi dimensional arrays
If I put in this code:
1
2
3
4
5
6
7
8
9
10
11
12
13<
Anti Spam Code Problems
Ok where do i start? Probably by telling you I have very little working knowledge of PHP and that I
Sending CC Info by email
I am a little bit less knowledgable in the security area as most developers and I know I have a lot
php multiple action on submit
I have a form which says:
<form enctype='multipart/form-data' method='post' action='pr
Simple MySQL query...
Hello,
How could I do a mysql query that does this: SELECT * WHERE date/time < 5minutes ag
Members Only
Hi all, for my website i have a members area only which on members can veiw, but at the moment anyon
PRotect my POST DATA... FROM HTML ATTACKS
I need to like let's say
If a user submit's his Prayer and he put's <meta refresh stuf
How to show a complete textarea ??
I enter Client Case Notes notes in a textarea field on a PHP form. The field is 5 rows deep and 70 c
Odd or Even
Inside of a while loop I need to echo several rows of info...easy enough.
In the loop (for th
System copy error in RUN ABAP REPORT PHASE
Hi,
I am performing system copy on my test server. I have previously taken export of JAVA + A