Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php"); // opens the MySQL connection used by the mysql_* calls below

session_start(); // this is the session declaration, one per page.

// read the form fields, defaulting to empty strings when a field is absent
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : null;
$hack = isset($_GET['hack']) ? $_GET['hack'] : null;

if($logoff){
    unset($_SESSION['userid']);

    //session_destroy(); //commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if($hack){
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if($u && $p){
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // mysql_query() returns false on error, so check before fetching
    $result = $query ? mysql_fetch_array($query) : false; // creates array called result; notice we don't need a while loop here.

    if($result && $result['username']){
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location: old.mainsite.php");
        exit;
    }else{
        $message = "You do not exist on the system";
    }
}
?>
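
The same table2 login check written with bound parameters, as an added example that is not part of the original post. It swaps mysql_real_escape_string() for PDO prepared statements and compares against a password_hash() value; the in-memory SQLite database, the sample user and the helper name check_login are assumptions made so the script runs on its own.

```php
<?php
// Added example: table2 login check with bound parameters and hashed passwords.
// Assumption: in-memory SQLite stands in for the MySQL database behind connect1.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one user, password stored as a hash, not plaintext.
$pdo->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO table2 (username, password) VALUES (?, ?)');
$insert->execute(['derek', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the username on success, null otherwise.
 */
function check_login(PDO $pdo, string $u, string $p): ?string
{
    if ($u === '' || $p === '') {
        return null;
    }
    // The SQL text is fixed; $u is sent as a bound value, never spliced in.
    $stmt = $pdo->prepare('SELECT username, password FROM table2 WHERE username = :u');
    $stmt->execute([':u' => $u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash instead of matching the password in SQL.
    if ($row !== false && password_verify($p, $row['password'])) {
        return $row['username'];
    }
    return null;
}

// Constructed inputs: a valid login, a wrong password, and quote-bearing input.
$cases = [
    ['derek', 'correct horse'],
    ['derek', 'wrong'],
    ["derek' OR '1'='1", "x' OR '1'='1"],
];
foreach ($cases as [$u, $p]) {
    $who = check_login($pdo, $u, $p);
    printf("%-20s => %s\n", $u, $who === null ? 'rejected' : "logged in as $who");
}
```

In the login page itself, call session_regenerate_id(true) before setting $_SESSION['userid'] on a successful login. When the PDO connection targets MySQL, set the connection charset in the DSN and turn off PDO::ATTR_EMULATE_PREPARES so the server does the binding.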
