MySQL Forums

Re: MySQL security
Posted by: Josh Fisher
Date: July 10, 2011 05:01AM

Hello, I have looked all over the web and I can't seem to find a page that has a login PHP script that stops SQL injections. I've heard of mysql_escape_string but I don't know where to put it. Here is the code that I have, any ideas?

<?php
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="Removed for security"; // Mysql password
$db_name="Removed for security"; // Database name
$tbl_name="Removed for security"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
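// Stop if the query itself failed, otherwise mysql_num_rows() gets a non-resource
$result=mysql_query($sql) or die("query failed");

// mysql_num_rows() counts the rows in the result
$count=mysql_num_rows($result);
// If the result matched $myusername and $mypassword, there must be exactly 1 row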

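if($count==1){
// Store $myusername in the session and redirect to file "login_success.php".
// session_register() is deprecated, so $_SESSION is used; the password is not kept in the session.
session_start();
$_SESSION['myusername'] = $myusername;
header("Location: login_success.php");
exit; // stop the script so nothing else runs after the redirect
}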
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>
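
An added example, not part of the original post or the poster's code: the same username/password check done with a PDO prepared statement, where the input is bound as a parameter instead of being escaped into the SQL string. The in-memory SQLite database, the `members` table, the hashed password column and `check_login()` are assumptions made so the script runs offline; with MySQL only the DSN passed to `new PDO()` changes.

```php
<?php
// Added example. Assumptions: PDO is available, and an in-memory SQLite
// table named "members" stands in for the MySQL table. For MySQL use a DSN
// such as 'mysql:host=localhost;dbname=...;charset=utf8' with user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one account, password stored as a hash.
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)');
$ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));

/**
 * Returns true only when the username exists and the password matches.
 * The SQL text is fixed; user input travels separately as a bound value,
 * so quotes in it cannot change the structure of the query.
 */
function check_login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs, standing in for $_POST['myusername'] and $_POST['mypassword'].
$attempts = array(
    array('alice', 'correct horse'),   // valid credentials
    array('alice', 'wrong'),           // wrong password
    array("alice' -- ", 'anything'),   // quote and comment characters in the username
    array('nobody', "' OR '1'='1"),    // quote characters in the password
);
foreach ($attempts as $a) {
    $ok = check_login($pdo, $a[0], $a[1]);
    printf("%-12s => %s\n", $a[0], $ok ? 'accepted' : 'rejected');
}
```

No `stripslashes()` or escaping call is needed on the bound values, because they are never concatenated into the query string.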
