silverglade Posted October 30, 2009
Topic: https://forums.phpfreaks.com/topic/179590-solved-is-this-the-proper-use-of-mysql_real_escape_string-to-prevent-sql-injections/

I was wondering, is this the proper use of mysql_real_escape_string() to prevent SQL injections? Any help greatly appreciated. Thanks. Derek

```php
<?php
include("connect1.php");
session_start(); // this is the session declaration, one per page.

// read the form fields and query flags (isset avoids undefined-index notices)
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? trim($_POST['password']) : '';
$logoff = isset($_GET['logoff']) ? $_GET['logoff'] : '';
$hack = isset($_GET['hack']) ? $_GET['hack'] : '';
$message = '';

if ($logoff) {
    unset($_SESSION['userid']);
    //session_destroy(); // commented out gets rid of the having to login twice.
    $message = "You have been logged off";
}
if ($hack) {
    $message = "Naughty Naughty!"; // COOL
}

// escape username and password for use in SQL
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);

// if fields username and password have contents, then...
if ($u && $p) {
    $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
    $result = mysql_fetch_array($query); // creates array called result, notice we don't need a while loop here.
    if ($result && $result['username']) {
        $message = "You have been logged in";
        $_SESSION['userid'] = $result['username'];
        header("Location: old.mainsite.php");
        exit;
    } else {
        $message = "You do not exist on the system";
    }
}
?>
```
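The same login check written with a PDO prepared statement, as an added example that is not part of the thread: the query text and the user-supplied values travel to the server separately, so no escaping step is needed at all. It assumes `connect1.php` defines a PDO connection `$pdo` (hypothetical name) and that the `password` column of `table2` holds a `password_hash()` value rather than plaintext.

```php
<?php
// Added example, not the poster's code. Assumes connect1.php creates $pdo
// (a PDO connection; hypothetical name) and that table2.password stores a
// password_hash() result rather than the plaintext password.
session_start();
include("connect1.php");

$message = '';
$u = isset($_POST['username']) ? trim($_POST['username']) : '';
$p = isset($_POST['password']) ? $_POST['password'] : ''; // not trimmed: leading/trailing spaces are part of the password

if ($u !== '' && $p !== '') {
    // The '?' placeholder is bound by the driver; the value is never spliced
    // into the SQL string, so quotes or comment sequences in $u cannot alter it.
    $stmt = $pdo->prepare("SELECT username, password FROM table2 WHERE username = ? LIMIT 1");
    $stmt->execute([$u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() does a constant-time compare against the stored hash,
    // so the password is never part of the query at all.
    if ($row && password_verify($p, $row['password'])) {
        session_regenerate_id(true); // new session id on privilege change
        $_SESSION['userid'] = $row['username'];
        header("Location: old.mainsite.php");
        exit;
    }
    $message = "You do not exist on the system";
}
?>
```

Set `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection so the MySQL driver uses real server-side prepared statements rather than client-side quoting.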
seanlim Posted October 30, 2009

Looks fine. You might not want to trim() the password. If you do, a password with a space at the front/back will have the space removed automatically. And I think a space at the front/back of a password is quite valid...
silverglade (Author) Posted October 30, 2009

Awesome, thank you seanlim!! I didn't think anyone would be awake still, LOL. Thanks for saving my website and database from possible disaster! Have a good morning. Well, at least it's morning here. G'night. Thanks, Derek
Mchl Posted October 30, 2009

This `if($u && $p)` is not very elegant. Try like this: `if(isset($u) && isset($p) && !empty($u) && !empty($p))`
silverglade (Author) Posted October 30, 2009

Cool, thank you Mchl. I changed it, uploaded it, and held my breath and.... it still works. Hehe. Thanks. Looks better now. Derek
This topic is now archived and is closed to further replies.