Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

// isset() guards avoid undefined-index notices when a field is not submitted
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack = isset($_GET['hack']) ? $_GET['hack'] : '';

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); //commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    $result = mysql_fetch_array($query); // creates array called result; notice we don't need a while loop here.

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
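
An added example, not part of the original post: the same login check written with a bound parameter instead of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.0. It assumes an in-memory SQLite database through PDO as a stand-in for the MySQL connection, a hypothetical check_login() helper, and a password column that stores password_hash() output; table2, username and password are the names used in the post.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection from connect1.php, and
// the password column stores a password_hash() value instead of plain text.

// check_login() is a hypothetical helper: returns the username on success, null otherwise.
function check_login(PDO $db, string $u, string $p): ?string
{
    $u = trim($u);
    if ($u === '' || $p === '') {
        return null;
    }
    // The placeholder keeps the value out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT username, password FROM table2 WHERE username = ?');
    $stmt->execute([$u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash in PHP, not in the WHERE clause.
    if ($row !== false && password_verify($p, $row['password'])) {
        return $row['username'];
    }
    return null;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO table2 VALUES (?, ?)')
   ->execute(['derek', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts.
$attempts = [
    ['derek', 'correct horse'],   // valid login
    ['derek', 'wrong'],           // wrong password
    ["derek' OR '1'='1", 'x'],    // quote characters are treated as data
    ['', ''],                     // empty fields
];
foreach ($attempts as [$user, $pass]) {
    $who = check_login($db, $user, $pass);
    printf("%-20s => %s\n", var_export($user, true), $who ?? 'rejected');
}
```

In a real login page, call session_regenerate_id(true) before setting $_SESSION['userid'] on success.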
