is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

how can i expire the submitted page using session.
hi,
i'm new to php world.
i'm using "post" method.
when i submit it,data goes to

How to extract/download content from HTTPS page?
Hello to all the Members of this forum, Im Shoiab, A novice programmer in php.. for my first job I h

Using unserialize()
Hi there.

I have some data in my database that is serialized.

e.g.

a:2:{i:0

Syntax Help
Code:


im having trouble with that code snipped
Parse error: syntax error, unexpec

how can i display php source code snippets ?
I am outputting some pho code .. and I want to display the source code so people can copy and paste

Form validation with functions
Hi there

I am trying to make a very simple form validation function. I currently have the fol

GET vs SUBMIT Button to show sections on one index.php page?
Just curious if one of these ways is better (i.e. more efficient) than the other.

I have a

PHP Cannot redeclare class
I have 6 files, and two of them do not seem to want to play well. I keep getting a "Cannot rede

What's best way to get a user's Word doc converted to simple html and images?
Hi all,

I was just wondering if anybody has any experience of this.
Basically, I'm buildin

Inserting 100x and 100y coordinates in mysql table - easy
Is there a way to insert this data into a mysql table named 'map' with the fields: 'x int 3' , 'y in

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash