php - mysql_real_escape_string won't allow me to login -
i'm using mysql_real_escape_string()
escape logins such 1' or '1' = '1
, however, when escape cannot login - triggers error of "please enter valid username , password". if remove function , use trim()
works fine doesn't escape sql injection obviously.
//$name = trim($_post['adminname']); //$pswd = trim($_post['pswd']); $name = mysql_real_escape_string($_post['adminname']); $pswd = mysql_real_escape_string($_post['pswd']); $sql_re=$db->query("select admin_id,name admin name ='".$name."' , password = '".$pswd."'"); //$db->result(); // loads results list of arrays if($db->row() > 0){ $_session['adminname'] = "admin"; echo '<script>window.location = "index.php";</script>'; }else{ $msg = "please enter valid username , password!"; } // loads 1 result row associative array
i've tried escaping during query still doesn't work.
select admin_id,name admin name ='".mysql_real_escape_string($name)."' , password = '".mysql_real_escape_string($pswd)."'"
i've tried mysqli_real_escape_string()
caused db error i'm using mysql.
any idea on can try next? thanks
Comments
Post a Comment