MySQL Injection Prevention Check

aeonsky · June 30, 2008

Hey, is this a fool-proof way to prevent MySQL from injections? Thanks for the time!

function validate() {
connect_mysql();
$form_user = mysql_real_escape_string(stripslashes(trim($_POST['form_user'])));

$form_pass = $_POST['form_pass'];
$result = mysql_query("SELECT * FROM user WHERE username = '$form_user'") or die("Wrong username/password! ".mysql_error());
$row = mysql_fetch_array($result);
$mysql_user = $row['username'];
$mysql_pass = $row['password'];
if (md5($form_pass) != $mysql_pass) {echo "Wrong username/password!"; die;};
mysql_close;
$_SESSION['login'] = TRUE;
header('Location:'.$_SERVER['PHP_SELF']);
}

darkfreaks · June 30, 2008

looks great to me

unsider · June 30, 2008

Looks good to me as well. No other code you wanna run by us?

aeonsky · June 30, 2008

Oh, maybe another improvement?

before >>>

$result = mysql_query("SELECT * FROM user WHERE username = '$form_user'") or die("Wrong username/password! ".mysql_error());

after >>>

$result = mysql_query("SELECT * FROM user WHERE username = ('$form_user')") or die("Wrong username/password! ".mysql_error());

MasterACE14 · June 30, 2008

yeah, its looking pretty good.

Sign In

MySQL Injection Prevention Check

Recommended Posts

aeonsky

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

unsider

Link to comment

Share on other sites

aeonsky

Link to comment

Share on other sites

MasterACE14

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information