First one in sql injection
I had this query
PHP:
$query = "SELECT * FROM bootleg_admin WHERE name = '$username' AND pass = '$password'";
After reading about SQL injection I tried to use the escape string, although I can't figure out what's wrong; it complains about the ",". Any ideas? Probably a simple syntax error I'm missing.
PHP:
$query = ("SELECT * FROM bootleg_admin WHERE name = '$username' AND pass = '$password'",mysql_real_escape_string($password));
Second question is how do I stop someone going straight to my admin pages by typing in the URL? I have a login for myself to authenticate my user pass and redirect me to the admin pages, although obviously I need to stop Joe Bloggs going direct there.

PHP:
$query = "SELECT * FROM bootleg_admin WHERE name = '" . mysql_real_escape_string($username) . "' AND pass = '" . mysql_real_escape_string($password) . "'";
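Added example, not part of the original thread: the same `bootleg_admin` lookup written as a PDO prepared statement, plus a session check for the top of each admin page. The in-memory SQLite database, the sample row, the `is_admin` session key and `login.php` are assumptions made so the snippet runs on its own.

```php
<?php
// Constructed test data; SQLite in memory stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bootleg_admin (name TEXT, pass TEXT)');
$pdo->exec("INSERT INTO bootleg_admin (name, pass) VALUES ('admin', 's3cret')");

// Same query as in the thread, but the values travel as bound parameters,
// so quotes inside them can never change the structure of the SQL.
// The plaintext pass column mirrors the thread's table; password_hash() and
// password_verify() are the usual way to avoid storing it in the clear.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM bootleg_admin WHERE name = :name AND pass = :pass'
    );
    $stmt->execute([':name' => $username, ':pass' => $password]);
    return (int) $stmt->fetchColumn() === 1;
}

// Guard for admin pages: knowing the URL is not enough, the session must
// carry the flag that only a successful login sets.
function is_admin(array $session): bool
{
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

$session = []; // stands in for $_SESSION after session_start()

// Constructed input containing quotes: it is compared as a literal string.
echo 'quoted input accepted: ';
var_dump(check_login($pdo, 'admin', "x' OR '1'='1"));

echo 'direct visit before login allowed: ';
var_dump(is_admin($session));

if (check_login($pdo, 'admin', 's3cret')) {
    // On a real page: session_regenerate_id(true); $_SESSION['is_admin'] = true;
    $session['is_admin'] = true;
}

// First lines of every admin page (login.php is a hypothetical name).
if (!is_admin($session)) {
    header('Location: login.php');
    exit;
}
echo "admin page content\n";
```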