PHP/MySQL Database/mysql real escape string
Building Queries on the Fly
<source lang="html4strict">
<?php
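// NOTE(review): every mysql_* function used here belongs to ext/mysql, which
// was deprecated in PHP 5.5 and removed in PHP 7.0. The listing keeps that API
// because it is the subject of the page; new code should use mysqli or PDO with
// prepared statements, which removes the need for manual escaping altogether.

/**
 * Open a connection to a MySQL server.
 *
 * @param string $host Server host name.
 * @param string $user Account name.
 * @param string $pass Account password.
 * @return resource|null The link identifier, or null (after echoing a message)
 *                       when the connection could not be established.
 */
function opendatabase ($host, $user, $pass) {
    try {
        if ($db = mysql_connect ($host, $user, $pass)) {
            return $db;
        }
        throw new Exception ("Sorry, could not connect to mysql.");
    } catch (Exception $e) {
        // Only the generic message is shown; no server detail reaches the client.
        echo $e->getMessage ();
    }
}

/**
 * Select the working database on an open link.
 *
 * @param string   $whichdb Database name.
 * @param resource $db      Link identifier returned by opendatabase().
 */
function selectdb ($whichdb, $db) {
    try {
        if (!mysql_select_db ($whichdb, $db)) {
            throw new Exception ("Sorry, database could not be opened.");
        }
    } catch (Exception $e) {
        echo $e->getMessage ();
    }
}

/**
 * Close an open link.
 *
 * @param resource $db Link identifier returned by opendatabase().
 */
function closedatabase ($db) {
    mysql_close ($db);
}

// Sample credentials for a local demo. A real application should connect with
// a dedicated least-privilege account that has a password, never root.
$db = opendatabase ("localhost", "root", "");
selectdb ("mydatabase", $db);

// Stand-ins for values that would normally arrive from a login form.
$_POST["user"] = "myname";
$_POST["pass"] = "mypassword";

/**
 * Check a username/password pair against the userlogin table.
 *
 * Both values are escaped with mysql_real_escape_string() and placed inside
 * single-quoted SQL string literals before the query is built.
 *
 * @param mixed $user Username as submitted by the client (untrusted).
 * @param mixed $pass Password as submitted by the client (untrusted).
 * @return bool True when at least one row matches; false on no match, on
 *              malformed input, or when escaping or the query fails.
 */
function validatelogin ($user, $pass) {
    // Request parameters can arrive as arrays (user[]=...); reject anything
    // that is not a plain string before it reaches the escaping function.
    if (!is_string ($user) || !is_string ($pass)) {
        return false;
    }

    // mysql_real_escape_string() RETURNS the escaped copy and leaves its
    // argument untouched, so the result must be assigned. Calling it and
    // discarding the return value leaves the query open to SQL injection.
    $user = mysql_real_escape_string ($user);
    $pass = mysql_real_escape_string ($pass);
    if ($user === false || $pass === false) {
        // Escaping fails when no usable connection exists; fail closed.
        return false;
    }

    // Escaping only protects values that sit inside quoted SQL literals, so
    // both placeholders are wrapped in single quotes.
    // NOTE(review): this compares the submitted password directly against the
    // stored column, which implies clear-text storage. Store password_hash()
    // output and check it with password_verify() instead.
    $thequery = "SELECT * FROM userlogin WHERE username='$user' AND password='$pass'";

    $aquery = mysql_query ($thequery);
    if ($aquery === false) {
        // Keep the database error in the server log; echoing mysql_error() to
        // the client discloses schema and query details.
        error_log (mysql_error ());
        return false;
    }

    return mysql_num_rows ($aquery) > 0;
}

if (validatelogin ($_POST["user"], $_POST["pass"])) {
    echo "You have successfully logged in.";
} else {
    // One message for both failure causes avoids confirming which usernames exist.
    echo "Sorry, you have an incorrect username and/or password.";
}

closedatabase ($db);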
?>
</source>