Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); // commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
