is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
PHP using IF to display error
i have a MySQL query and i want to display 1 thing only if the number of affected rows is >=1
If statement help please.
Hello on my site I have 2 content boxes. 1 is for the main content (which is the biggest one) and th
search function
HI guys,
if anyone could point us in the right direction of how to do this, or provide some t
noob cURL help
I have a pretty basic form that I need to cURL post to a file in my includes folder (includes/login.
Career Change into SAP
Hai
I am sajesh ,did my diploma in Mechatronics i have a 4 years of experience in
get url?
how do i get the url of the page i'm currently on, on my website.. i think its get header.. how do i
PHP form authentication
Hi guys,
what am trying to achieve is this: Whenever a user tries to login to my website, an
Table Control
Hi Guru's,
I've created a Module pool program, which contains the Table Control.
Include a php
Hello,
I'm trying to include a function that shows the recent searches.
Example I have <
Help with Contact Form
I have this Form on an html page and the associated code on page.php (below).
I keep getting the