is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

More pug propaganda.
http://www.youtube.com/watch?v=8Kkrmubsgf8

The commercial is definitely worth watching pug aw

Bluetooth RSSI & VIsta
Okie I got 4 Bluetooth adapters, a DBT-120 by Dlink, A Zonet Microsoft Bluetooth which is what I use

Program with calculate Meteorologic measurements
Hello I'm a beginner and I want to make a program with calculate Meteorologic measurements:
ba

Recode Abap Dynpro into Web Dynpro
Hi All,
A client has asked us to look at rearchitecting a custom transaction that was developed

radio button reamains checked
Hello i'm trying to keep the state off my radio buttons so it shows which ones where clicked after t

cURL and Sessions
Ohai.

So, I'm trying to cURL a bunch of things off of a page, and put them into a session. I'

Ignore html and bbcode?
I've created a function to limit the amount of text according to the amount of words.

However

UDP Multicast question
Hey,

Im not really in the know when it comes to network related programming and activitie

Email logic not working
I would like to send an email using the php email() function then if it does execute i.e sends i wou

Coding question?
Hey guys, I have a quick question. If I want to make a way for people to pay for health in my game,

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash