is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

PHP Error
On my .php page I have a drop down box that has several names in it. When a user clicks the name &am

How to give the privillege for triggers?
Hi,

How to give the privillage for triggers to particular user?

Please let me

Need help with cin setw
I made a program here is my code:

#include
#include
#i

Changing color in GD via variable?
Hey guys, I'm new here. x)

I'm very much a noob when it comes to PHP, but I'm trying to learn

Transferring session variables into MySQL
I am trying to transfer $_SESSION variables into MySQL. However there is an error in my MySQL statem

How to Create a Dynamic table
col1 col2 date1 date2 date3 date4..........
a b v1 v2 v3 v4

Php If in MySql query (hiding labels if a field is empty)
Okay, I've been trying to do this for a while, and I'm finally going to ask for help so I can get th

How to Handle more than one submit button in single form?
Hi
I have one PHP file which contains one Form. In this form there are two Submit type Buttons

Module pool selction screen parameters combination logic
Hi floks,
Am new to the module pool development ,Recently i have created one program based on

If a record matches an existing record do nothing
So I don't know if I should put this here or in mysql, but what my script is for is for people to ad

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash