
Protecting from sql injections on my login form

Hi all, I just tried to hack into my own site to see how secure it was, and now I want to clean up my code so no one can hack into my site using SQL injections. This is my login code:

[code=php]
<?php
session_start();
$msg_pass="";
$msg_user="";
$username=trim($_POST['username']);
$password=trim($_POST['password']);
if($username && $password)
{
    //include database
    // $username is concatenated into the SQL string unescaped
    $cQuery="SELECT username,password FROM users WHERE username='".$username."'";
    $rs=mysqli_query($con,$cQuery);
    if($rs)
    {
        $count=mysqli_num_rows($rs);
        if($count>0)
        {
            // raw (binary) SHA-1 of the submitted password
            $shapass=sha1($password,TRUE);
            $data=mysqli_fetch_assoc($rs);
            if($data['password']==$shapass)
            {
                $_SESSION['user']=$username;
            }
            else
            {
                $msg_pass="Wrong Password,Please Try again";
            }
        }
        else
        {
            $msg_user="Wrong Username,Please Try again";
        }
    }
    else
    {
        echo "Unable to excute the query:".mysqli_errno($con);
    }
}
[/code]

That is my login code. How can I go about fixing the SQL injection in the login code? Can anyone help?

PHP

1 Comments(s)

@NogDog Aug 22.2006 — See [url=http://www.php.net/manual/en/function.mysqli-real-escape-string.php]mysqli_real_escape_string()[/url].
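
An added example, not part of the thread: the reply's mysqli_real_escape_string() applied to the lookup from the question, next to a bound-parameter version of the same lookup, which goes beyond what the reply names. The function names and the DB_* environment variables are assumptions; the table and column names come from the question.

```php
<?php
// Added example, not code from the thread. The users table and its
// username/password columns are taken from the question; the function
// names and the DB_* environment variables are assumptions.

// Escaping, as suggested in the reply: the value is escaped for the
// connection's character set and must still sit inside quotes.
function find_user_escaped(mysqli $con, string $username): ?array
{
    $safe = mysqli_real_escape_string($con, $username);
    $rs = mysqli_query($con,
        "SELECT username,password FROM users WHERE username='" . $safe . "'");
    if (!$rs) {
        return null;
    }
    $row = mysqli_fetch_assoc($rs);
    mysqli_free_result($rs);
    return $row ?: null;
}

// Prepared statement: the username travels as a bound parameter and is
// never parsed as SQL, so no quoting or escaping is involved.
function find_user_prepared(mysqli $con, string $username): ?array
{
    $stmt = mysqli_prepare($con,
        "SELECT username,password FROM users WHERE username=?");
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user, $hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? ['username' => $user, 'password' => $hash] : null;
}

$con = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER'),
                      getenv('DB_PASS'), getenv('DB_NAME'));
mysqli_set_charset($con, 'utf8mb4'); // escaping depends on this charset

// Constructed input: a username containing a quote character.
$input = "O'Brien";
var_dump(find_user_escaped($con, $input));
var_dump(find_user_prepared($con, $input));
```

Both functions return the stored row or null, so the password comparison from the question can stay as it is, working on the returned 'password' value.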