is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

LOOPing Problem
Hello All!

The following code loops through the data and displays the data accordingly. My p

BackButton Behaviour in AJAX
I have an ASPX Page AJAX Enabled!The page has a gridView and a DDL for filtering on it. The Gridview

update 2 columns by doing inner 2-column query
Hi,
is something like this possible?

update contract_all set col1,col2 =
(

RTF fomatting to email content
Im trying to sen an email with content is picked up from a rtf-file (file_get_contents('*.rtf'). Mai

subtract 1 from value entered in text field
Hi

How do I subtract 1 from the vaue entered into a text field?

Thanks

form help
this doesn't work. i want the form action to go the location.href of the submit button chosen.. how

for loop without same $i digits?
Hi,

Can some guru please advise how can I accomplish this with a simple for loop ?

I

Array becomes unset by itself?
Hi,

I have a bit of experience with PHP but not extensive. It seems I cannot store any items

While Problem
i am having a problem with a while statement here is the code
Code: [Select]<?php
sess

Content-Disposition: attachment; filename=... not working as i thought it should
taken the following code from the php.net site the script is not working.

what is not happeni

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash