is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

$variable = $variable
Hello

Sorry if this is a really simple question but I have run out of ideas. Is there a reall

Comma seperated implode & modifying returned string.
I have a PHP post form that posts up to 4 variables. I need whatever variables are passed to be comb

Filename like the user name
I am creating a form and storing the values in file. Could anyone please tell me how to write a code

Run function every 5 mins ??
I have a function PostMessage()

How can I run it every 5 mins ??

Custom CMS
This is a big custom CMS script I'd like to develop and would like some help atleast figuring out wh

CU&UC guide
Hi Gurus,

can anybody provide me the link for CU&UC upgrade guide

Thanks i

Accessing Infotype data in dialog program
Hi All
In Dialog programs attributes I didn't see any logical database field. How can I access

PHP5/Zend 2.0 - Resources
PHP5 Snapshots
http://snaps.php.net/

ZEND 2.0 Feature Overview and Design (PDF File

What is SAP Avatar ?
Hi All,

This G.Satish , my boss asked me to explore on SAP Avatar. I searced in internet

Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash