is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

cURL error
So here is my code... I got it off of here... http://www.youtube.com/watch?v=XcgQUsorF_8
Because

Click counter to ignore traffic from search bots
I have a click counter on my site that...well, counts the number of clicks a link gets on the frontp

Schedule editor
Hi,

I have a question related to Schedule editor.
If we schedule a BLS for every 30

Multiple submit forms inside a mysql array page
Hi all,

Im having trouble to get the beneath script to work the thing i can't seem to get wor

Solution Manager BPR
Does the SolMan-BPR-ARIS-Integration (http://www.ids-scheer.com/en/ARIS/ARIS_Platform/ARIS_Business_

session variable problem
Session variable is not working in Fire fox i am getting null value but it is working fine in IE.

error checking breaking my code
Hi there, OK first of all, big apologies for what I assume is really fundamental errors in the struc

Mail functionality from localhost to server
Hi

I am facing problem of mail functionality.

When i tested mail functionality in my

array_combine() trouble w/csv file
I have a problem with a piece of code I wrote to import some records from a csv file into mysql. I h

Update not working ... please help
Hi,

I am trying to update a row using an edit form by passing id of the row .. but it is not

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash