is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
Trending TodaySee what people are reading
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

Using loop to count number of entries
I'm writing a program that must ask user to type in numbers. After each entry, the program has to re

WM transfer order: confirm different batch than proposed by system
Hi folks,

following scenario: we have a full WM with mixed batch numbers allowed in stora

Form submissing with PHP and JQuery/Ajax
I have searched everywhere, but cannot find a solution for this... I have worked all day trying to g

New to Arrays
Hi I am new to PHP (a week and a half now) and I am just beginning to read about arrays. I understan

2 decima places & How to reload my page
Hello There,

How do i put full-stop (.) after second figure from behind? ie if i have 123456

Add code to enable passing of checkbox variable on login
Ok, I have a login page, but want to add a checkbox that when checked and successful login is made i

need help to creat database
Hello Team, please guys i am stuck from three days with paypal issue for IPN but no luck yet now i w

PHP / MySQL Associative Multidimensional Array:
Hello.

I have data in a MySQL Table that adheres to the below: (note, no index, could add if

Displaying image pathname instead of image
Hello

Im trying to upload and then display images from a mysql database - Its only basic and

TinyMCE / Ajax Postback Problem
Hiya all,

I have a page which loads the TinyMCE editor. On the postback I obviously want to f

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash