is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

"SEO" URLs
Hey, I'm wondering how to go about creating and using these types of URLs. I'm presuming it's PHP th

mod_rewrite.c on windows ??
why it's not working on windows while it's working on other hosts???

this is the code i got

Session
I am having a little trouble with a session. Not sure if it is my browser or what. I know I do not

BackButton Behaviour in AJAX
I have an ASPX Page AJAX Enabled!The page has a gridView and a DDL for filtering on it. The Gridview

Need help with unexpected T-STRING error
I'm a newbie and I'm still learning PHP. However this error has me stumped. I've googled, searched t

FROM_UNIXTIME($phpdate);
Hello,

I tried to use this :

$date = FROM_UNIXTIME($phpdate);

ANd I was t

Different actions for different parts of a string
<?php
function dosomething($string, $else = '') {
if (empty($else))
$string

Limiting uploaded file type
Hi. First post here
I am working on a simple upload script, and I need it to limit the allowed f

Multi language - seo links
Im trying to figure out the best method to have a multi language website that will function with seo

FAGL_FC_TRANSLATION FAS52 New GL ECC 6.0
Hello,

The new program for Translating GL Balances (FAS 52) gives the option to use diffe

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash