Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code: <?php
include("connect1.php"); // opens the mysql_* connection that mysql_real_escape_string() needs

session_start(); // this is the session declaration, one per page.

// read the request values safely so a missing field does not raise an undefined-index notice
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack   = isset($_GET['hack'])   ? $_GET['hack']   : '';

$message = '';

if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); // commented out: destroying the session forced a double login
    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use inside the single-quoted SQL string literals below
// (the escaping only protects quoted string contexts and relies on the open connection from connect1.php)
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u !== '' && $p !== '') {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    $result = mysql_fetch_array($query); // one row is enough here, so no while loop is needed

    if ($result && $result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];

        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>

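Editor's note on the post above: mysql_real_escape_string() is only a valid defence when every escaped value lands inside a single-quoted SQL string literal, when the connection is already open (the function escapes according to the connection's character set, so mysql_set_charset() must match the data), and when nothing is interpolated unquoted (for example a numeric id). The whole ext/mysql extension was also removed in PHP 7.0. Parameterized queries remove the quoting problem entirely, and the plaintext password comparison in the query is a separate weakness that password_hash() addresses. The following is an added example of the same login written that way; it is not the poster's code. It assumes a table2 with username and password columns, the password column holding password_hash() output, and placeholder DSN and credentials that you would replace with your own.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: a MySQL database reachable with the placeholder DSN/credentials below,
// and a table2(username VARCHAR, password VARCHAR) whose password column stores
// password_hash() output rather than the plaintext password.
session_start();

$dsn = 'mysql:host=localhost;dbname=app;charset=utf8mb4'; // placeholder DSN
$pdo = new PDO($dsn, 'app_user', 'app_password', [          // placeholder credentials
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares: values never enter the SQL text
]);

/**
 * Create a user row. Only the hash is stored, never the plaintext password.
 */
function registerUser(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('INSERT INTO table2 (username, password) VALUES (:u, :p)');
    $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

/**
 * Look the user up by name only, then verify the password in PHP.
 * Returns the username on success, null on any failure.
 */
function authenticate(PDO $pdo, $username, $password)
{
    // No quoting or escaping needed: the username is a bound parameter, so input
    // such as  ' OR '1'='1  is compared literally against the column value.
    $stmt = $pdo->prepare('SELECT username, password FROM table2 WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: still run one hash check so the response time does not
        // reveal whether the username exists. The dummy hash is computed once.
        static $dummy = null;
        if ($dummy === null) {
            $dummy = password_hash('dummy', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummy);
        return null;
    }

    return password_verify($password, $row['password']) ? $row['username'] : null;
}

$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';
$message = '';

if ($u !== '' && $p !== '') {
    $user = authenticate($pdo, $u, $p);
    if ($user !== null) {
        session_regenerate_id(true);   // fresh session id after login blocks session fixation
        $_SESSION['userid'] = $user;
        header('Location: old.mainsite.php');
        exit;
    }
    // One message for both "no such user" and "wrong password" so the form does not
    // confirm which usernames exist.
    $message = 'Invalid username or password';
}
```

With emulated prepares disabled, PDO sends the statement and the parameters to MySQL separately, so there is no string to escape and no character-set edge case to get wrong. The same structure works with mysqli::prepare() and bind_param() if PDO is not available.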