php - mysql_real_escape_string won't allow me to login -


i'm using mysql_real_escape_string() escape logins such 1' or '1' = '1, however, when escape cannot login - triggers error of "please enter valid username , password". if remove function , use trim() works fine doesn't escape sql injection obviously.

        //$name = trim($_post['adminname']);         //$pswd = trim($_post['pswd']);         $name = mysql_real_escape_string($_post['adminname']);         $pswd = mysql_real_escape_string($_post['pswd']);          $sql_re=$db->query("select admin_id,name admin name ='".$name."' , password = '".$pswd."'");         //$db->result(); // loads results list of arrays if($db->row() > 0){           $_session['adminname'] = "admin";         echo '<script>window.location = "index.php";</script>';         }else{             $msg = "please enter valid username , password!";            } // loads 1 result row associative array 

i've tried escaping during query still doesn't work.

select admin_id,name admin name ='".mysql_real_escape_string($name)."' , password = '".mysql_real_escape_string($pswd)."'" 

i've tried mysqli_real_escape_string() caused db error i'm using mysql.

any idea on can try next? thanks


Comments

Popular posts from this blog

matlab - "Contour not rendered for non-finite ZData" -

delphi - Indy UDP Read Contents of Adata -

javascript - Any ideas when Firefox is likely to implement lengthAdjust and textLength? -