is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

php code generators
All

Whilst enjoying learning a new language i have come accross a number of free code generat

Echoing ASCII code
I have a php page that splits a string into chars and then echoes the ASCII code for each char. I'm

Time-based image rotation script
I'm trying to write a PHP script that rotates an image based on what time of day it is. I want the

php or sql?
Sorry not sure if this is a sql problem or php the following code is supposed to delete data from th

Simple program to copy files between two computers over the web
I use logmein free and often need to move files between my two computers. Generally, I move the file

question about header() security
is is safe to just use the header() function to redirect someone if they are, say, not logged in? or

Login Script Issues
I am using a script I got from http://phpsense.com/php/php-login-script.html in order to allow peopl

PHP If Else statement for breadcrumb
Hi

I am trying to use a PHP if else statement to display a breadcrumb link on wordpress

Display last record first.
I need some help how put the last record first and first record last.

Thanks

Code: &am

Windows Authentication
I have a website which is windows authenticated.
now i want something more on this application.<

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash