is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

Empty text file when there is over XXXX lines of text.

define("RANDOM_FILE","/public_html/random.txt");
$randomEntry = "

Add weeks in a query?
I have a SQL that summarizes the quantity per week. The weeks that has no value does not exist in th

How to assign a textbox value to PHP variable??
Hi ! Can any one help me out as quickly as possible. As I m new to PHP.
Plz tell me how to assign

Optimize Code
Just started getting into the use of cookies. The following code will redirect users to a set URL s

PHP code for a proxy
I was wondering which function I could use to create an online proxy tool. I was thinking cURL would

cURL proxy
Okay here is the thing... i know how to add proxys

Code: curl_setopt($ch, CURLOPT_PROXYTYPE,

Get ID from Database when Posting with a HTML Form
I have a form I am submitting to a MySql database. Each product has an ID # attached to it that auto

Combining refCursors and Summing
Given the following DDL:

CREATE TABLE FOODSALESTEST ("WEEKNBR" NUMBER, "ST

isset undefined variable
Hi all,

Hope someone can point out the obvious. I've a log in script, if you dont enter a use

Header redirect
Hello ive got a problem ive got form with its action set to itself.
Code: <form id="f

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash