is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
Trending TodaySee what people are reading
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

How to show the difference between two data field in a database with php.
Hello php gurus,

how r u all... i'm not so well facing a typical problem please help me...<

help with this code please?
Hello,

I am trying to build a remote upload script for my image hosting site.

I am usi

What am I missing here? Help!
Hello all!. I can't seem to get this working right. Well - it renders right, but something is goin

preg_replace question
Hello!!

I hope someone can help me with preg_replace.

I load two tables from an extern

Placing and array within an array then sorting it!
I have a page that runs two large mysql queries and saves the results into arrays, in php I then per

Specific name typed, specific image shown on html page
Hello,

Fairly new to PHP and was curious if someone might know how to solve a fairly simple r

generating all possible random letters
hi'

how can i randomize the letters a,b,c,d,e all possible ways, and i want to print the res

PHP form authentication
Hi guys,

what am trying to achieve is this: Whenever a user tries to login to my website, an

From Header Showing 'Unkown' In Hotmail? Why?
Code: $to = $row_GetID['email_addr'].',sales@mywebaddress.co.uk';
$subject = 'Thank you for you

want to add a break after a certain amount of characters
i was wondering how to add a break in a blog post after a certain amount of characters... any idea o

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash