is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

fwrite error
Hi All,
Does anyone know what is causing the error in this code?

Code: <?
$error

Calculus Help (and by help I mean homework)
Hrmmm, I hate posting about math homework, partly because it's homework, and partly because I hate w

filesize problem
i use ubuntu 9.10 and i have mountet a folder from an windows

/mount/FOLDER
/mount/FOLDER/

Help building / using array
First - this is a cross-posting, if this is wrong I apologise! What started out as a MySQL query que

Inserting Data into a MS Access DB using PHP.
As part of my uni course I am doing a placement at a company whom want me to create a client zone fo

Is it possible to put an entire 500-page book in a database with PHP?
I am working on an intranet and I was wondering if its possible to code php with mysql to enter a fu

Certain files upload, while others do not
I want to read the data from an uploaded file. Not sure why, but it only uploads for certain files.

Help with PHP Calendar code...
Hello, I'm new to this forum and I'm glad I found it.
I wrote this code for a PHP calendar as an

Setting condidtions for an input box
Hi all,

I would like to set a condition in a txt box that says the number a user enters has t

Sending a hyperlink through mail
HI all,
I am sending a mail to outlook mailbox of a user using FM SO_NEW_DOCUMENT_ATT_S

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash