I have a login system and I want to be able to prevent SQL injection, but whatever I try doesn't work.
When I add mysql_real_escape_string() it stops the form from displaying.
I tried doing this in the login form, but it didn't work:
PHP:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$result   = user_login($username, $password);
Does the mysql function need to go in my login function?
Here is the login function:
PHP:
function user_login($username, $password)
{
    // Try and get the salt from the database using the username
    $query  = "select salt from users where username='$username' limit 1";
    $result = mysql_query($query);
    $user   = mysql_fetch_array($result);

    // Using the salt, encrypt the given password to see if it
    // matches the one in the database
    $encrypted_pass = md5(md5($password).$user['salt']);

    // Try and get the user using the username & encrypted pass
    $query   = "select userid, username, user_level from users where username='$username' and password='$encrypted_pass'";
    $result  = mysql_query($query);
    $user    = mysql_fetch_array($result);
    $numrows = mysql_num_rows($result);

    $userid     = $user['userid'];
    $user_level = $user['user_level'];

    // Now encrypt the data to be stored in the session
    $encrypted_id   = md5($user['userid']);
    $encrypted_name = md5($user['username']);
    $encrypted_user = md5($user['user_level']);

    // Store the data in the session
    $_SESSION['userid']         = $userid;
    $_SESSION['username']       = $username;
    $_SESSION['user_level']     = $user_level;
    $_SESSION['encrypted_id']   = $encrypted_id;
    $_SESSION['encrypted_name'] = $encrypted_name;
    $_SESSION['encrypted_user'] = $encrypted_user;

    if ($numrows == 1)
    {
        return 'Correct';
    }
    else
    {
        return false;
    }
}
Here is the login form:
PHP:
<?php
// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
    // Show the form
    include 'includes/login_form.inc.php';
    exit;
}
else
{
    // Try and login with the given username & pass
    $result = user_login($_POST['username'], $_POST['password']);

    if ($result != 'Correct')
    {
        // Reshow the form with the error
        $login_error = $result;
        include 'includes/login_form.inc.php';
    }
    else
    {
        echo 'Thank you for logging in, <a href="index.php">click here</a> to go back.';
    }
}
?>
and finally the login_form.inc file:
PHP:
<?php if (isset($login_error)) { ?>
    There was an error: <?php echo htmlspecialchars($login_error); ?>, please try again.
<?php } ?>
<form action="login.php" method="post">
    <b>Username:</b> <input type="text" size="20" maxlength="20" name="username"
        <?php if (isset($_POST['username'])) { ?> value="<?php echo htmlspecialchars($_POST['username']); ?>" <?php } ?>/><br />
    <b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />
    <input type="submit" name="submit" value="Login" />
</form>
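Whichever mechanism is used, the protection has to sit where the SQL string is actually assembled, which in this post is inside user_login(), not in login.php; mysql_real_escape_string() also only works once a database connection is open. The following is an added example (not the poster's code) of user_login() rewritten with PDO prepared statements so the username and password are bound as parameters instead of being spliced into the query text; it assumes init.php creates a PDO connection in $pdo with PDO::ERRMODE_EXCEPTION enabled, and keeps the post's md5(md5($password).$salt) scheme so existing rows still verify.

```php
<?php
// Added example, not the poster's code. Assumes $pdo is a PDO connection
// created in init.php with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION.
function user_login(PDO $pdo, string $username, string $password)
{
    // 1. Fetch the salt. The username is a bound parameter, so a quote
    //    in the input cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT salt FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                     // unknown user
    }

    // 2. Same hashing scheme the existing rows were stored with. For a new
    //    system password_hash()/password_verify() should replace this.
    $encrypted_pass = md5(md5($password) . $row['salt']);

    // 3. Look the user up with both values bound; no string interpolation.
    $stmt = $pdo->prepare(
        'SELECT userid, username, user_level FROM users
          WHERE username = ? AND password = ? LIMIT 1'
    );
    $stmt->execute([$username, $encrypted_pass]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return false;                     // wrong password
    }

    // 4. Populate the session only after a successful match, and rotate the
    //    session id so an id issued before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['userid']     = $user['userid'];
    $_SESSION['username']   = $user['username'];
    $_SESSION['user_level'] = $user['user_level'];

    return 'Correct';
}

// Call site in login.php would become:
// $result = user_login($pdo, $_POST['username'], $_POST['password']);
```

With parameters bound this way there is nothing left to escape in login.php, and the mysql_real_escape_string() calls that broke the form are no longer needed.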