is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

upload only text files
hi guys i want to upload only text like like (pdf,note pad and ofiice files) so can any one please t

PHP code for a proxy
I was wondering which function I could use to create an online proxy tool. I was thinking cURL would

Count
Getting the same count everytime

Code:
$visitquery = mysql_query("SELECT COUNT(*) FR

Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app

update 2 columns by doing inner 2-column query
Hi,
is something like this possible?

update contract_all set col1,col2 =
(

Can we convert non uni code system into unicode
Hi All,

Presently i am using non-unicode system and the sap version is 4.7.
Can i c

constructor ?
i have written this program and made 3 constructors in the class and i want to call them in the main

From Header Showing 'Unkown' In Hotmail? Why?
Code: $to = $row_GetID['email_addr'].',sales@mywebaddress.co.uk';
$subject = 'Thank you for you

Access website from only 1 computer...?
One of my customers wants his website to only be accessed by people in which they bought the website

To add a field on the screen XK02.
Hi All,

How to add an additional field in the vendor change control screen XK02.
The

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash