Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks, Derek

Code: <?php
include("connect1.php"); // opens the mysql_* connection; mysql_real_escape_string() needs it open

session_start(); // this is the session declaration, one per page

// read the form fields only if they were submitted, so a plain GET does not raise undefined-index notices
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack = isset($_GET['hack']) ? $_GET['hack'] : '';

$message = '';

if($logoff){
    unset($_SESSION['userid']);
    //session_destroy(); //commented out gets rid of the having to login twice.
    $message = "You have been logged off";
}

if($hack){
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
// (this only makes the values safe inside the single-quoted string literals in the query below)
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if($u !== '' && $p !== ''){

    // the submitted password is compared as plain text against whatever is stored in table2
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    $result = mysql_fetch_array($query); //creates array called result; notice we don't need a while loop here.

    if($result && $result['username']){
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location: old.mainsite.php");
        exit;
    }else{
        $message = "You do not exist on the system";
    }
}
?>
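For comparison, here is the same login flow written the way a reviewer would ask for it today: the query carries only placeholders, so the input never becomes part of the SQL text, and the password is checked against a stored hash. This is an added example, not the poster's code; the connection parameters, the `password_hash` column and the `utf8mb4` charset are assumptions, while `table2`, `username` and the `old.mainsite.php` redirect are taken from the post.

```php
<?php
// Added example (not the original poster's code): login with mysqli prepared
// statements and password_hash()/password_verify() instead of escaping.
// Assumed: host/credentials/db name below, a `password_hash` column in table2.
session_start();

$db = new mysqli('localhost', 'appuser', 'apppass', 'appdb'); // assumed credentials
if ($db->connect_error) {
    http_response_code(500);
    exit('database unavailable');
}
// Declare the connection charset; both escaping and parameter binding rely on
// the driver knowing which bytes are quote characters.
$db->set_charset('utf8mb4');

$message = '';

if (isset($_GET['logoff'])) {
    unset($_SESSION['userid']);
    $message = 'You have been logged off';
}

$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? $_POST['password'] : '';

if ($u !== '' && $p !== '') {
    // The SQL text is fixed; `?` is filled by the driver, never by string concatenation.
    $stmt = $db->prepare('SELECT username, password_hash FROM table2 WHERE username = ?');
    $stmt->bind_param('s', $u);
    $stmt->execute();
    $stmt->bind_result($dbUser, $dbHash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() compares against a password_hash() value in constant time.
    // The stored value is written at registration with:
    //   password_hash($newPassword, PASSWORD_DEFAULT)
    if ($found && password_verify($p, $dbHash)) {
        session_regenerate_id(true); // new session id on privilege change
        $_SESSION['userid'] = $dbUser;
        header('Location: old.mainsite.php');
        exit;
    }
    // One message for "no such user" and "wrong password" so the form does not
    // confirm which usernames exist.
    $message = 'Invalid username or password';
}
```

Two caveats on the escaping approach in the post. First, mysql_real_escape_string() only protects values that end up inside quoted string literals; an escaped value dropped into an unquoted position such as `WHERE id = $id` is still injectable with input like `1 OR 1=1`, because there is no quote to escape. Second, it uses the connection's charset to decide what to escape, so it must be called on an open connection whose charset matches the one the server uses for the query. Prepared statements sidestep both problems, and the mysql_* extension this post relies on was removed in PHP 7, so mysqli or PDO is the only path forward anyway.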
