is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
PHP webpage & array print issue
I have this code running, and it works perfectly … however, see my bottom bit about what I see
VAT
how should I deal with VAT?
if I have a product that costs £5.00 and VAT @ 17.5% (£0.87
Seperate team from score
I am writing a site that does a NFL Pick 'em type application and I have a feed that gives me the sc
Something Non-Traditional. Can we solve?
I have an idea for an application here. It's mostly flash, but it couldn't work without a somewhat n
Drop Down and text box issue
Is it possible to set a drop down list and text boxes to a certain width?
here is my code
Multithreading in Oracle (Java, SQLJ, Pro*C,??) on 10g
I am investigating how to run a Java stored procedure in multithread mode.
I know that if I chang
disable all input buttons
Hello Friends,
suppose i do have a file ( file.php ) has a submit button
Code: [Sele
A little help in c#
i am doing a simple paint program using c# i want to draw with the mouse so i wrote the code of the
Include ("Absolute Path") of a file?
I'm not sure what I'm doing wrong. I am writing my php code in the same directory of the file that
Multithreading design
Hi
I have come up with a Singleton class that manages a pool of database connections. Basical
