Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

// read request values; isset() avoids undefined-index notices
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack   = isset($_GET['hack']) ? $_GET['hack'] : '';

if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); //commented out gets rid of the having to login twice.
    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    $result = mysql_fetch_array($query); // creates array called result; notice we don't need a while loop here.

    if ($result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
No comments posted yet
