is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
socket communication between c++/java and sending image
hi,
i have a class in c++ called win32_sockserver which creates socket to java. i am trying
data type in column definition
Hi,
I create a table with column called "Direction of Travel code ".
The travel codes in t
Uploading/Downloading files stored in MySQL database
Hey all,
This problem just came up in my website and I'm having a hard time figuring out what
cookie problem
I hv a website url
In this site main menu functionality based on cookie when user click on parti
Calling All PHPFREAKS Blackberry Users
Are you a member of PHPFreaks and have a blackberry? Well RIM just recently released Blackberry Mes
Show specific day of the week
I have been racking my brain trying to get this function to work properly and it is doing so for eve
Undefined offset when using a flat file with pipe symbols
Hi, I've got a flat file/text file which I'm currently using as a member database for my site (not a
Disable Scrollbar in TableControl
Hello everbody,
please can anybody help me - outherwise i'm going to become desperate :P<
Do While statement
hi guys,
This may sound trivial but im new to php and as part of an assignmenti have to const
Any meaningful project for a new C++ programmer?
I want to do some meaningful program, so I can help myself to learn
Assume I know the fol
