Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php"); // opens the MySQL connection that the mysql_* calls below rely on

session_start(); // this is the session declaration, one per page.

// Read request values, defaulting to empty strings so a missing key raises no undefined-index notice.
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack   = isset($_GET['hack']) ? $_GET['hack'] : '';

$message = '';

if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); //commented out gets rid of the having to login twice.
    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    // mysql_query() returns false on error, so only fetch from a valid result.
    $result = $query ? mysql_fetch_array($query) : false;

    if ($result && $result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
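For comparison with the escaping approach in the question, here is an added example (not the poster's code) of the same table2 lookup done with a bound parameter and a hashed password check. It assumes PDO with the SQLite driver standing in for the MySQL connection from connect1.php, a hypothetical check_login() helper, and that table2 stores password_hash() output rather than the plaintext password; all sample rows and inputs are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite
// driver stands in for the MySQL connection from connect1.php, and table2
// stores a password_hash() value instead of the plaintext password.

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps the value out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT password FROM table2 WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched the username.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data in an in-memory database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO table2 (username, password) VALUES (:u, :p)');
foreach (['derek' => 'correct horse', "o'brien" => 'battery staple'] as $user => $pass) {
    $insert->execute([':u' => $user, ':p' => password_hash($pass, PASSWORD_DEFAULT)]);
}

// Constructed inputs: a valid login, a wrong password, a legitimate name that
// contains a quote, and a value carrying SQL syntax that must be treated as data.
$cases = [
    ['derek', 'correct horse'],
    ['derek', 'wrong'],
    ["o'brien", 'battery staple'],
    ["derek' OR '1'='1", 'anything'],
];

foreach ($cases as [$u, $p]) {
    printf("%-20s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

Against MySQL the same check_login() works unchanged once the PDO object is created with a mysql: DSN that sets the connection charset.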
