Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

// read the form fields; isset() avoids undefined-index notices on first load
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack = isset($_GET['hack']) ? $_GET['hack'] : '';

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); // commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>

No comments posted yet
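
The same login lookup written with a parameterised query, as an added example that is not part of the original post. It assumes PDO with the SQLite driver (an in-memory database) so it runs without a MySQL server; the function name find_user and the sample rows are constructed for illustration, while the table and column names follow the post.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with the SQLite
// driver is available; against MySQL only the DSN and credentials change.

// Hypothetical helper: returns the matching username, or null if none.
function find_user(PDO $db, string $username, string $password): ?string
{
    // Placeholders keep the values out of the SQL text entirely, so there is
    // no escaping step to get wrong and no quoting to forget.
    $stmt = $db->prepare(
        'SELECT username FROM table2 WHERE username = :u AND password = :p'
    );
    $stmt->execute([':u' => $username, ':p' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['username'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. The plaintext password column mirrors the post;
// the usual practice is to store password_hash() output and check it with
// password_verify() instead of comparing inside the query.
$db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO table2 VALUES ('derek', 'constructed-sample-pw')");

// Constructed inputs: a valid login, a wrong password, and a username that
// contains a quote and a comment marker, which is compared as a plain string.
$cases = [
    ['derek', 'constructed-sample-pw'],
    ['derek', 'wrong'],
    ["derek' --", 'anything'],
];

foreach ($cases as [$u, $p]) {
    $who = find_user($db, $u, $p);
    printf("%-12s => %s\n", $u, $who === null ? 'rejected' : "logged in as $who");
}
```

Only the first case returns a row; the other two are rejected because the bound values are matched literally against the stored columns.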
