is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

License Issue - service type user
Hi,

I would like to understand the following issue regarding sap license.
I wish to

Read from a text file after a specific word
Hi all.

I have a text file that looks like the one below.
I know how to open the text fi

Production Order Enterprise Service to Manufacturing Exctn Sys (MES) ???
Hello Experts,

In our current landscape SAP ECC 5.0 is integrated to MES system via PI 7.

weeks in a year
hi,

i found this snippet on php.net
QuoteFor the week number for weeks starting on Sunday:

To add a field on the screen XK02.
Hi All,

How to add an additional field in the vendor change control screen XK02.
The

Text to picture Generator
Hello, i have found this script and it works really good^^ But i have one problem, i would like to c

Dynamic memory problem
Hey,

At the beginning of my code, I have this line:

Shape* gShape = 0;

Select Lists into MYSQL
Hello All, I am new to PHP @ 1 week. So borrowing code anywhere I can. I am making progress, but h

Getting rid of quotes when printing data
Hi Guys, I use the filter_var FILTER_SANITIZE_STRING to filter the textarea input. The function esca

unexpected T_VARIABLE error
Hey all! I'm getting an unexpected T_VARIABLE with the following function:

function getHighes

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash