Is this the proper use of mysql_real_escape_string() to prevent SQL injections?


Posted on 16th Feb 2014 07:03 pm by admin

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

Code:
<?php
include("connect1.php");

session_start(); // this is the session declaration, one per page.

$u = trim($_POST['username']);
$p = trim($_POST['password']);

$logoff = $_GET['logoff'];
$hack = $_GET['hack'];

if ($logoff) {
    unset($_SESSION['userid']);

    //session_destroy(); // commented out gets rid of the having to login twice.

    $message = "You have been logged off";
}

if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

    // creates array called result; notice we don't need a while loop here.
    $result = mysql_fetch_array($query);

    if ($result['username']) {
        $message = "You have been logged in";

        $_SESSION['userid'] = $result['username'];

        header("Location:old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
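The same lookup written with a bound parameter instead of string escaping, as an added example that is not the poster's code (the mysql_* functions used in the post were removed in PHP 7.0). Assumptions: PDO is available, an in-memory SQLite database stands in for the MySQL server so the script runs offline, the password column holds password_hash() output, and check_login() and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands in
// for MySQL here; for MySQL only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. Table and column names follow the post; storing a
// password_hash() value in the password column is an assumption of this example.
$pdo->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password TEXT)');
$ins = $pdo->prepare('INSERT INTO table2 (username, password) VALUES (?, ?)');
$ins->execute(['derek', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Return the username on a successful login, or null otherwise.
 * The username is bound as a parameter, so it is never parsed as SQL.
 */
function check_login(PDO $pdo, string $u, string $p): ?string
{
    $stmt = $pdo->prepare('SELECT username, password FROM table2 WHERE username = ?');
    $stmt->execute([$u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is compared in PHP against the stored hash, not inside the query.
    if ($row === false || !password_verify($p, $row['password'])) {
        return null;
    }
    return $row['username'];
}

// Constructed inputs: a valid login, a wrong password, and a string containing
// quote characters, which the bound parameter treats as plain data.
$cases = [
    ['derek', 'correct horse'],
    ['derek', 'wrong'],
    ["x' OR '1'='1", "x' OR '1'='1"],
];
foreach ($cases as [$u, $p]) {
    $who = check_login($pdo, $u, $p);
    echo str_pad($u, 16), ' => ', $who === null ? 'rejected' : "logged in as $who", PHP_EOL;
}
```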

No comments posted yet
