is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
Putting double spaces instead of single spaces
Im looking at trying to replace all single spacing between fields with double spacing
At pres
Results from Db outputted twice
Hey guys.. for come reason my data is outputted twise shown in the image below and i cant figure out
Undefined offset
The following script checks to see if the user answer matches the correct answer.
Form Fiel
Finding digits in variable containing text, and IDing them
$romanstock = "http://www.remoteprice.com/data.asp?storeid=123&itemcode=456&typ
HELP with mysql_real_escape_string
I'm looking to remove apostrophes completely when someone enters lyrics but don't have a clue how to
urldecode question
How would I format this line of code properly?
<?php echo urldecode($_GET['Title']); ?
Auto-populating dropdowns and multiple forms.
Here's what I have so far:
First drop down = select a state (works)
This populates the sec
retrieving policy name inside the function called by this particular policy
Hi there,
I've playing around with dbms_rls package, trying to set up some security repo
MYSQL gen help
This is my Mysql gen. can anyone tell me why this echos
MID(networkset.networkid, 3, 3) AS &q
Query failed issue with php script but works fine in mssql manager!
hi i have the script below which copies data from one table to another but will only insert new data
