0
Well, I use the following code to p/ make a check if the user exists and log in:
<?PHP
include('config.php');
include('menu.php');
# Validar os dados do usuário
function anti_sql_injection($string)
{
include('config.php');
$string = stripslashes($string);
$string = strip_tags($string);
$string = mysqli_real_escape_string($conexao,$string);
return $string;
}
$sql = mysqli_query($conexao,"select * from tb_usuario where
email_usu='".anti_sql_injection($_POST['email_usu'])."' and
senha_usu='".anti_sql_injection($_POST['senha_usu'])."' limit 1") or die("Erro");
$linhas = mysqli_num_rows($sql);
if($linhas == '')
{
?>
<div class="msg2 padding20">Usuário não encontrado ou usuário e senha inválidos.</div>
<?PHP
}
else
{
while($dados=mysqli_fetch_assoc($sql))
{
session_start();
$_SESSION['nome_usu_sessao'] = $dados['nome_usu'];
header("Location: conteudo.php");
}
}
?>
As you can see, the code has a protection against Sqlinjection, however I would like to add MD5 encryption or check the password with MD5, I do not know the right term p/ this, but in case "read the MD5".
Your code has a gambiarras, not protection. Its anti_injection function corrupts valid characters. Just use
mysqli_real_escape_string(), nothing else. Another trick is to use MD5 for the password. PHP already has the correct functions for this, which arepassword_hashandpassword_verify.– Bacco
Readings that may help: How to apply password_hash in SELECT, INSERT and UPDATE and How to hash passwords securely?, and also How to prevent SQL code injection into my PHP code?
– Bacco
See one of the last answers of the above closing link to apply to the MD5 reading, have a practical example of select.
– Bacco