is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259 
53 
Other forums
Menu restriction
How can I restrict the individual menu that would appear when a user logs in so that all users are c
Any Good MMORPGs you've played?
I'm about to have ALOT of free time on my hands (finished highschool) and I need something to fill t
form variables from database help.
Hi all,
I would like to have a form that gives you options based on the results of an mysql q
my two tables
table1 : col1 = topicid , col2 = topic
table2 : col1 = sentid, col2 = sentence
Cod
php forms and database navigatio
Hello,
I'm new to php and i'd like to post the following.
I have written code to get records f
Batch update record with Pagination
Hoping someone can help me with this issue I'm having, im trying to batch update records from a resu
animation progress while uploading files?
Hello, i have some website form to upload few files to server. i want to put some gif animation whi
isset undefined variable
Hi all,
Hope someone can point out the obvious. I've a log in script, if you dont enter a use
Backflush
I am looking for a report in SAP that would give me a list of all parts that are populated with a ba
using variables in another page
I have a test database set up on localhost. I have a form that I can type a name into, hit the butto
