is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

reading xml faster than DB call?
I am trying to optimize a high traffic website, and I enabled a feature where there are three photos

foreach and array need help combining
Hi guys.

Here's the code

Code: array(
'tag' => 'code',<

list files from folder, only one for each date
I have many files in a folder and wish to only list one of each date

these are the file names

"GROUP BY" in arrays
Well i'm looking to do something i usually could do easily using COUNT and GROUP BY if it was a sql

adding 0 to numbers
Hey guys i need to create a 00001 number in a loop. Is there a better way of forcing a 5 digit numbe

Page Reload
I am having issues getting a page to reload after I submit data to a database. This form should inp

HeaderSelectedCssClass not working
I have an accordian where I have a drop down list in the first pane and a grid in the second pane.

Pls help with PHP
Pls can anyone direct me on how to create a user account for a customer. For example i want know if

SQl num_rows problem
when i try to count rows from an SQL select i get an warning

Code: [Select]$countviews = mysq

Structure Question - One Table or One Table Per Record Set?
I have a web app (mySQL and PHP) which allows people to create an item with up to 200 records which

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash