Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code: <?php
include("connect1.php");

session_start(); // This is the session declaration, one per page.

// Read the request values; fall back to a default when a key is absent.
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';

$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : null;
$hack   = isset($_GET['hack']) ? $_GET['hack'] : null;

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); // Commented out; gets rid of having to log in twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// Escape username and password for use in SQL.
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// If fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // Creates an array called $result; notice we don't need a while loop here.
    // mysql_query() returns false on failure, so only fetch from a valid result.
    $result = $query ? mysql_fetch_array($query) : false;

    if ($result && $result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
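
For comparison with the escaping approach in the post, here is the same login check written with a PDO prepared statement and a hashed password; it is an added example, not part of the original post. It assumes PHP 7 or later with the pdo_sqlite driver, an in-memory SQLite database standing in for the MySQL server, and a constructed user row; the helper names open_demo_db and check_login are hypothetical.

```php
<?php
// Added example (not from the original post). Assumptions: PHP 7+ with
// pdo_sqlite, an in-memory database standing in for the MySQL server, and a
// constructed user row. Table and column names follow the post.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    // Constructed sample accounts; only the password hash is stored.
    $ins = $db->prepare('INSERT INTO table2 (username, password) VALUES (:u, :p)');
    $ins->execute([':u' => 'derek',   ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute([':u' => "o'brien", ':p' => password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $u, string $p): bool {
    if ($u === '' || $p === '') {
        return false;
    }

    // The SQL text is fixed; $u travels as a bound value and is never
    // spliced into the statement, so no escaping step is involved.
    $stmt = $db->prepare('SELECT username, password FROM table2 WHERE username = :u');
    $stmt->execute([':u' => $u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked in PHP against the stored hash, not in the query.
    return $row !== false && password_verify($p, $row['password']);
}

$db = open_demo_db();
var_dump(check_login($db, 'derek', 'correct horse'));     // valid credentials
var_dump(check_login($db, 'derek', 'wrong password'));    // wrong password
var_dump(check_login($db, "o'brien", 'battery staple'));  // quote in the name is plain data
var_dump(check_login($db, "derek'", 'correct horse'));    // no such user; the query still parses
```

With a real MySQL server the same `check_login()` works over a `mysql:` DSN; set the connection character set in the DSN so the client and server agree on the encoding.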