is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
"SEO" URLs
Hey, I'm wondering how to go about creating and using these types of URLs. I'm presuming it's PHP th
mod_rewrite.c on windows ??
why it's not working on windows while it's working on other hosts???
this is the code i got
Session
I am having a little trouble with a session. Not sure if it is my browser or what. I know I do not
BackButton Behaviour in AJAX
I have an ASPX Page AJAX Enabled!The page has a gridView and a DDL for filtering on it. The Gridview
Need help with unexpected T-STRING error
I'm a newbie and I'm still learning PHP. However this error has me stumped. I've googled, searched t
FROM_UNIXTIME($phpdate);
Hello,
I tried to use this :
$date = FROM_UNIXTIME($phpdate);
ANd I was t
Different actions for different parts of a string
<?php
function dosomething($string, $else = '') {
if (empty($else))
$string
Limiting uploaded file type
Hi. First post here
I am working on a simple upload script, and I need it to limit the allowed f
Multi language - seo links
Im trying to figure out the best method to have a multi language website that will function with seo
FAGL_FC_TRANSLATION FAS52 New GL ECC 6.0
Hello,
The new program for Translating GL Balances (FAS 52) gives the option to use diffe