Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. derek

Code:
<?php
include("connect1.php"); // opens the MySQL connection used by the mysql_* calls below

session_start(); // this is the session declaration, one per page.

// read the form fields, defaulting to empty when a field was not submitted
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : null;
$hack = isset($_GET['hack']) ? $_GET['hack'] : null;

$message = ''; // defined up front so it is always set

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); //commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    // mysql_query() returns false on error, so only fetch from a valid result.
    $result = $query ? mysql_fetch_array($query) : false;

    if ($result && $result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>

No comments posted yet
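
Added example, not part of the original post: the same login check written with PDO prepared statements and hashed passwords, so no manual escaping is needed (the mysql_* extension used above was deprecated in PHP 5.5 and removed in PHP 7.0). The in-memory SQLite database, the `password_hash` column, `check_login()` and the sample users are assumptions made so the script runs offline; `table2` is the table name from the post.

```php
<?php
// Added example, not the poster's code. table2 comes from the post; the
// password_hash column, check_login() and the sample users are constructed.
// An in-memory SQLite database stands in for MySQL so the script runs offline.
// With MySQL, use a DSN that sets the charset (e.g. charset=utf8mb4) and set
// PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample users; only password_hash() output is stored.
$insert = $db->prepare('INSERT INTO table2 (username, password_hash) VALUES (?, ?)');
foreach (array("derek" => "correct horse", "o'brien" => "it's a secret") as $name => $pw) {
    $insert->execute(array($name, password_hash($pw, PASSWORD_DEFAULT)));
}

// Returns the stored username when the credentials match, otherwise null.
function check_login(PDO $db, $username, $password)
{
    // The placeholder keeps the value out of the SQL text, so quotes in
    // $username are data and need no escaping.
    $stmt = $db->prepare('SELECT username, password_hash FROM table2 WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the query; it is checked against the hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

var_dump(check_login($db, "derek", "correct horse"));     // valid credentials
var_dump(check_login($db, "o'brien", "it's a secret"));   // apostrophes in both values
var_dump(check_login($db, "derek", "wrong password"));    // wrong password
var_dump(check_login($db, "nobody", "correct horse"));    // unknown user
```

In a real login page, call `session_regenerate_id(true)` after a successful check and before storing the user in `$_SESSION`.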
