Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); //commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>

No comments posted yet
