is this the proper use of mysql_real_escape_string() to prevent sql injections?


Posted on 16th Feb 2014 07:03 pm by admin

i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek

Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.

session_start(); // this is the session declaration , one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];





if($logoff){


unset($_SESSION['userid']);

//session_destroy(); //commented out gets rid of the having to login twice.

$message = "You have been logged off";




}


if($hack){

$message = "Naughty Naughty!"; // COOL

}


// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if($u && $p){

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.

if($result['username']){

$message = "You have been logged in";

$_SESSION['userid'] = $result['username'];

header("Location:old.mainsite.php");
exit;


}else{

$message = "You do not exist on the system";

}



}
?>
No comments posted yet

Your Answer:

Login to answer
259 Like 53 Dislike
Previous forums Next forums
Other forums

PHP onsubmit in the form not going to the fuction.
I have a form through ‘onsubmit’ calling a function validation(). But not going to the

There was a problem with the request. (Code: 0)
Any Idea what could cause this? I get it randomly at best. But with both IE and FF. It derives from

validating url
im trying to validate url's sent to me by a form
the url's im collecting are for placing banners

Any meaningful project for a new C++ programmer?
I want to do some meaningful program, so I can help myself to learn

Assume I know the fol

Help with writing "$" with fopen
I just can't get my syntax correct. Could someone help me please? I am trying to write a connect fil

Count number of records in all the tables with a querry URGENT PLEASE...
I downloaded ORACLE 9I DATA DUMP into my comp. There are number of tables. I need to find out the

using a loop help
Hi guys , i need some help. I have this loop :
while ($row = mysql_fetch_assoc($Result)) { ?&

SWF image using php?
Hello once again.

My latest en devour requires me to produce an image of a static .swf that i

How to Detect it is public_html or httpdocs?
How to check whether it is cPanel or Plesk?

If it found public_html perform <?php incl

Varible in trigger - refering to correct schema
Hello

Im having some issues with my trigger.
What I want to do is call opon a differ

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash