is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

Splitting Attributes
SQL> SELECT I_NAME, substr(I_NAME,1,instr(I_NAME,'O')) "First part",

substr(I_NAME, IN

Why does my php page download images over and over
Can anybody please explain to me why my php page keeps downloading the images and other items every

help with multi-update
Now sure how to ask this really....
10g database if that matters.

I have a customer

Image resize
Hi again fellers

I managed to sort out the issues with the folder,

Final hurdle is th

media recovery
Hi,
i startup the database i got the error

SQL> startup
ORACLE instance started.

Trouble verifying database password
Thankyou to everyone who responded to my last post (I can't find the posting, it has been buried). <

strptime() equivalent for php4 ?!
Greetings!

this is my first post, thank you in advance for your replies.

Well, the ti

mr8m - reverse document
Friends,

I'm trying to reverse a document held by MIRO, but it reports the message balan

Intrastat Report Config in ECC 6.0 - goods Movement in EU countries
Colleagues, need ur help to understand the changes require in ECC 6 standard Report configuration se

Multithreading design
Hi

I have come up with a Singleton class that manages a pool of database connections. Basical

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash