is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Implementing Single Sign-On using SAML 1.1, x.509, LDAP in C#.net
Hi,
I got a requirement from the client i.e implementing single sing on using SAML 1.1( LDAP &
Clean URLs
Hi I was wandering if anyone has ever implemented URLs on their PHP run website using URLS like wiki
cURL error
So here is my code... I got it off of here... http://www.youtube.com/watch?v=XcgQUsorF_8
Because
Save data in input fields when they press "BACK BUTTON"
Hi, this is html form: And let's say they get a error "Please enter ur title must be more then
present value of sequence?
Hi
Please help me to find out the present value of sequence?
Thanks
$_FILES array
Ok,
I just started experimenting with PHP today. My goal right now is to have people be able
Not adding to db
Hi, I can't figure out why it won't add the record to the database. It's just a simple form to get
Problem with Subscreen
Dear Experts ,
I am facing a problem with the subscreens. My senario is as follows :
LIMIT $start, 10... how to pass last value queried into next page with GET??
Ok I know how to display the first or last 10 results of a query...
$result = mysql_query(&q
recrawling
Can anyone suggest me how may i know a page is updated before it is being downloaded, so that i can