aeonsky, posted June 30, 2008

Hey, is this a fool-proof way to prevent MySQL injection? Thanks for the time!

    function validate() {
        connect_mysql();
        // Escape the username before it is interpolated into the quoted SQL string.
        $form_user = mysql_real_escape_string(stripslashes(trim($_POST['form_user'])));
        $form_pass = $_POST['form_pass'];
        $result = mysql_query("SELECT * FROM user WHERE username = '$form_user'")
            or die("Wrong username/password! " . mysql_error());
        $row = mysql_fetch_array($result);
        $mysql_user = $row['username'];
        $mysql_pass = $row['password'];
        // Compare the MD5 of the submitted password with the stored hash.
        if (md5($form_pass) != $mysql_pass) {
            echo "Wrong username/password!";
            die;
        }
        mysql_close();
        $_SESSION['login'] = TRUE;
        header('Location: ' . $_SERVER['PHP_SELF']);
    }
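The check the post is asking about only holds while the escaped value sits inside quotes in the SQL text; the same style of input placed in an unquoted (numeric) position is not protected by escaping at all, and the `mysql_*` extension used above was removed in PHP 7.0. The following is an added example, not code from the original post or its author: it contrasts the escape-into-a-string approach with a bound-parameter query, and replaces `md5()` with `password_hash()`. It assumes an in-memory SQLite database via PDO so that it runs stand-alone (a MySQL DSN works the same way), and a `user` table with `id`, `username` and `password` columns; the `openDb`, `registerUser`, `findUserEscaped`, `findUserByIdUnquoted`, `findUserByIdPrepared` and `login` function names are this example's own.

```php
<?php
// Added example, not the original post's code. Table layout and function names are assumptions.
// PDO with an in-memory SQLite database keeps the example self-contained.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void {
    // password_hash() produces a salted, slow hash; md5() is unsalted and cheap to brute-force.
    $stmt = $db->prepare('INSERT INTO user (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Escape-and-interpolate lookup in the style of the post. PDO::quote() plays the role of
// mysql_real_escape_string() here. Safe only because the result is a quoted string literal.
function findUserEscaped(PDO $db, string $username): ?array {
    $sql = 'SELECT * FROM user WHERE username = ' . $db->quote($username);
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The same interpolation with an unquoted value (a developer treating id as a number):
// there are no quotes for escaping to protect, so the input becomes part of the SQL.
function findUserByIdUnquoted(PDO $db, string $id): array {
    $sql = "SELECT * FROM user WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value is sent separately from the SQL text and can never change it.
function findUserByIdPrepared(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT * FROM user WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login with a bound username and password_verify(); unknown user and wrong password
// take the same failure path, as in the original post's single error message.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data.
$db = openDb();
registerUser($db, 'alice', 'correct horse');
registerUser($db, 'bob', 'battery staple');

// Quoted and escaped: the classic payload is compared as a literal username and matches nothing.
var_dump(findUserEscaped($db, "' OR '1'='1"));

// Unquoted numeric context: the same idea as a numeric payload returns every row.
var_dump(count(findUserByIdUnquoted($db, '1 OR 1=1')));

// Bound parameter: the whole string is compared against the integer id and matches no row.
var_dump(count(findUserByIdPrepared($db, '1 OR 1=1')));

var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, 'alice', 'wrong password'));
```

Run it with `php example.php` on any PHP build with `pdo_sqlite` enabled. The escaped lookup returns null, the unquoted numeric lookup returns both rows, the prepared lookup returns none, and the two login calls return true and false respectively. The point for the post's code is that escaping has to be applied correctly at every interpolation site for the life of the application, whereas a prepared statement removes the question entirely; when escaping is used with the old extension, `mysql_set_charset()` should also be called so that the escaping matches the connection's character set.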
darkfreaks, posted June 30, 2008

Looks great to me.
unsider, posted June 30, 2008

Looks good to me as well. No other code you want to run by us?
aeonsky (author), posted June 30, 2008

Oh, maybe another improvement?

before:

    $result = mysql_query("SELECT * FROM user WHERE username = '$form_user'")
        or die("Wrong username/password! " . mysql_error());

after:

    $result = mysql_query("SELECT * FROM user WHERE username = ('$form_user')")
        or die("Wrong username/password! " . mysql_error());
MasterACE14, posted June 30, 2008

Yeah, it's looking pretty good.