is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Help With editting and deleting form
So look at this image :
http://img194.imageshack.us/img194/8272/snapshot5f.png
This table
PHP Tab Control
Hi All,
I would like to have PHP tab control with/without Javascript.
But I want to r
Remove directories not empty
hi,
i have an array that contains some names (1,4,6,56...). Every integer is a name of a folder.<
Staff Induction System - No idea where to go from here!!!
Hi there, I'm pretty new to PHP and Mysql so could really do with being pointed in the right directi
Help with lottery style system?
I'm working on a currency system for forums and it is going to have a type of lottery system built i
Basic Question about Threading and PHP...
I have a page that I am working on and it is taking several hours to process. The basics of what th
date function help
i need help with date function
Code: [Select]<!DOCTYPE HTML PUBLIC "-//W3C//DTD H
problem in pagination when processing with selectbox form
Hi,
I have a search form, with select boxes, if am selecting the value from the form, it work
New Search Engine
Hey everyone,
I have a ZIP Code Radius search engine already functional. it displays all of t
Help: problem with Headers to download PDF file
Hi,
I'm trying to implement a script where when a user clicks a link he gets a PDF file to op