Is this the proper use of mysql_real_escape_string() to prevent SQL injections?
Posted on 16th Feb 2014 07:03 pm by admin
I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek
Code:
<?php
include("connect1.php");
session_start(); // this is the session declaration, one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];

if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); // commented out gets rid of having to log in twice.
    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);
    if ($result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
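The same login check written with a bound-parameter query and password hashes, added here as an example and not part of the original post. It assumes PDO with an in-memory SQLite database in place of the connection from connect1.php, and a hypothetical password_hash column; the mysql_* functions used in the post were removed in PHP 7.0.

```php
<?php
// Assumption: an in-memory SQLite database stands in for the MySQL connection
// made in connect1.php; for MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. table2 and username come from the post; the
// password_hash column is hypothetical and replaces the plaintext password.
$pdo->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO table2 (username, password_hash) VALUES (?, ?)');
$insert->execute(['derek', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Return the username on a successful login, or null otherwise.
 */
function check_login(PDO $pdo, string $username, string $password): ?string
{
    // Input travels as bound data, so quote characters cannot change the SQL text.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM table2 WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; the password never appears in the query.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Constructed inputs: a valid login, a wrong password, and a name containing a quote.
$cases = [
    ['derek', 'correct horse'],
    ['derek', 'wrong'],
    ["o'connor", 'anything'],
];
foreach ($cases as [$u, $p]) {
    $user = check_login($pdo, trim($u), $p);
    printf("%-12s => %s\n", $u, $user === null ? 'rejected' : "logged in as $user");
}
```

Because the query text is fixed and the values are bound separately, no escaping call is needed and the result does not depend on the connection character set.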