is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Undefined Variable: PHP_SELF, pls help
Hi,
Im a newbie on PHP / MySQL programming and Im running a script to search one field on my
Had a simple form script that suddenly stopped working
It was made about a year ago and had been working fine. Last time it was known to work for sure was
PHP/PKI
I am trying to set up a web application that uses pki. does anyone have a good tutorial to set this
Help with forum quoting?
Hi im working on a forum and I have alomost finished it but i want a user quote system like twitter
Echoing If Function?
A script I am using has If statements in the comments form to basically tell the form what to do. Cu
Parse XML
Good day,
I use oempro software and try to parse XMLReturn but it's not working for me, simpl
ob_ dynamic content
i was wondering about the potential to use ob to create a <div then remove it when the page
do while conditions
i want to display 6 images in a 2x3 table
now what would be the correct logic to
count that th
Multi Dimensional Array Append
Hi Guys
I have a function that returns a multidimentional array eg
$result = functio
PHP Session Issue
I'm having an issue with one section on my website dealing with sessions. Now I know that myself and