is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>

No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

I got my hosting suspended XD
So I saw this challenge a day or so ago

http://www.programming-challenges.com/pg.php?page=dow

Help, Base64 encoding url and decoding server side.
Hello everyone, i have a website with videos and games and also provide an embed code which people c

Storing Values taken from a DB...
Using this code it will generate a short list from my database

<?php
mysql_connect

why preg_match_all does not return the number of matches
My regex looks like

X[^x{4e00}-x{9fa5}]*Y

(where X and Y are two Chinese characters)

Setting/Modify Headers using mail() function
I have a question about setting email headers when using mail() in a php script.

When I send

PHP mail() rejected by SMTP
I'm currently working on a newsletter application which is installed on a windows 2003 server runnin

Easy administration on MySQL databases
My website is database driven and I am very tired of manually making queries to my tables in order t

validating url
im trying to validate url's sent to me by a form
the url's im collecting are for placing banners

Call Screen statement Error
Dear Experts,

is there any setting that needs to be done before creating any dialog progr

FROM_UNIXTIME($phpdate);
Hello,

I tried to use this :

$date = FROM_UNIXTIME($phpdate);

ANd I was t

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash