is this the proper use of mysql_real_escape_string() to prevent sql injections?
Posted on
16th Feb 2014 07:03 pm by
admin
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derek
Code: <?php
include("connect1.php");
Did you know?Explore Trending and Topic pages for more stories like this.
session_start(); // this is the session declaration , one per page.
$u = trim($_POST['username']);
$p = trim($_POST['password']);
$logoff = $_GET['logoff'];
$hack = $_GET['hack'];
if($logoff){
unset($_SESSION['userid']);
//session_destroy(); //commented out gets rid of the having to login twice.
$message = "You have been logged off";
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
if($result['username']){
$message = "You have been logged in";
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php");
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
No comments posted yet
Your Answer:
Login to answer
259
53
Other forums
upload only text files
hi guys i want to upload only text like like (pdf,note pad and ofiice files) so can any one please t
PHP code for a proxy
I was wondering which function I could use to create an online proxy tool. I was thinking cURL would
Count
Getting the same count everytime
Code:
$visitquery = mysql_query("SELECT COUNT(*) FR
Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app
update 2 columns by doing inner 2-column query
Hi,
is something like this possible?
update contract_all set col1,col2 =
(
Can we convert non uni code system into unicode
Hi All,
Presently i am using non-unicode system and the sap version is 4.7.
Can i c
constructor ?
i have written this program and made 3 constructors in the class and i want to call them in the main
From Header Showing 'Unkown' In Hotmail? Why?
Code: $to = $row_GetID['email_addr'].',sales@mywebaddress.co.uk';
$subject = 'Thank you for you
Access website from only 1 computer...?
One of my customers wants his website to only be accessed by people in which they bought the website
To add a field on the screen XK02.
Hi All,
How to add an additional field in the vendor change control screen XK02.
The