is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
Function
How can I make this function that once you click the link in the code it takes you to a new page wit
Login Control?!
I have a Web Site that uses the login control also I have set the destinationurl to the page I want
Varible in trigger - refering to correct schema
Hello
Im having some issues with my trigger.
What I want to do is call opon a differ
Php If in MySql query (hiding labels if a field is empty)
Okay, I've been trying to do this for a while, and I'm finally going to ask for help so I can get th
Best way to cross matching large datasets
Hi,
Im running a script where am I cross matching about 200 000 data sets with each other. Ea
Place specific image in html page when specific name is typed.
Hello,
Fairly new to PHP and was curious if someone might know how to solve a fairly simple r
Why does my php page download images over and over
Can anybody please explain to me why my php page keeps downloading the images and other items every
Passing Arguments to execlp()
I'm writing a program that mimics a unix shell. It's supposed to take commands with arguments and ex
Dynamic memory problem
Hey,
At the beginning of my code, I have this line:
Shape* gShape = 0;
why aint this working?
i have this code:
Code: $num = 250;
$count = ($num - $rcount);
echo $rc