Is this the proper use of mysql_real_escape_string() to prevent SQL injections?
Posted on 16th Feb 2014 07:03 pm by admin
I was wondering: is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek
Code: <?php
include("connect1.php");
session_start(); // this is the session declaration, one per page.
// read the inputs; isset() avoids undefined-index notices on a plain page load
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';
$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack = isset($_GET['hack']) ? $_GET['hack'] : '';
if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); //commented out gets rid of the having to login twice.
    $message = "You have been logged off";
}
if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
    // creates array called result; notice we don't need a while loop here.
    // mysql_query() returns false on failure, so only fetch from a valid result.
    $result = $query ? mysql_fetch_array($query) : false;
    if ($result && $result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
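An added example (not part of the original post and not the poster's code): the same login check written with a PDO prepared statement, so the username is bound as a parameter instead of being escaped into the SQL string, and with the password checked against a stored hash by password_verify(). It assumes PHP 5.5 or later with pdo_sqlite and uses an in-memory SQLite database with a constructed account so it runs on its own; the table and column names come from the post, and the login() helper is hypothetical.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// post (table2, username, password); everything else here is constructed.
// In-memory SQLite keeps it self-contained; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $dbUser, $dbPass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account. The password column holds a hash, not the password.
$insert = $pdo->prepare('INSERT INTO table2 (username, password) VALUES (?, ?)');
$insert->execute(array('derek', password_hash('correct horse', PASSWORD_DEFAULT)));

/**
 * Hypothetical helper: returns the username on success, null otherwise.
 * The SQL text is fixed; user input only ever travels as a bound parameter,
 * so quotes in it cannot change the structure of the query.
 */
function login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT username, password FROM table2 WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is compared in PHP against the stored hash, not inside SQL.
    if ($row !== false && password_verify($password, $row['password'])) {
        return $row['username'];
    }
    return null;
}

// Constructed inputs: a valid login, a wrong password, and quote-bearing input.
$cases = array(
    array('derek', 'correct horse'),
    array('derek', 'wrong'),
    array("derek' OR '1'='1", "x' OR '1'='1"),
);
foreach ($cases as $case) {
    list($u, $p) = $case;
    $who = login($pdo, trim($u), trim($p));
    printf("%-20s => %s\n", $u, $who === null ? 'rejected' : "logged in as $who");
}
```

The mysql_* extension used in the post was deprecated in PHP 5.5 and removed in PHP 7, so code written this way does not run on current PHP versions.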