is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

Blocking video streaming
Hello everyone,

I post a message here because i didn't find any solution yet.
I just finis

printing links
Hi every1

i am connecting to a table in sql and the looping through with a while ($ var = my

timezone change with date()
so i put all my times for posts in my made from scratch forum(not phpbb3 or sm)
in my mysql db u

compile php5 with DOM
Hi,

I can't manage to compile php 5.3.0 from source on Windows to include DOM,
in spite of

Stopped working!
So I had to change some stuff, none of it major. Stuff like the extension_dir and such. BEFORE I did

Help with echo()
I'm having some problems with this code:

Code: echo '
<A HREF="jav

Sort a two dimensional array.
Hi. I've set up a two dimensional array that reads as follows:

Code: $modifiedData = array(

Calling variables
I want to call this to my website but it doesn't display what I want it to,

Code: <h5&

Display thumbnails as square while retaining aspect ratio
I am trying to figure out a way to make an image display as a square, for example 80x80 pixels, when

ctype() validation - allowing illegal characters
Hello,
I use ctype() to filter and validate a user form. However, I am trying to allow certain c

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash