-
In the data.php file there is an SQL INJECTION that allows an attacker to delete your database and steal all its information. I have made a pull request, but no answer from you. Your code is DANGEROUS. Have a …
-
```
Try to read about SQL injections.
```
Original issue reported on code.google.com by `kepbauti...@gmail.com` on 9 May 2011 at 3:35
-
Have a look at your controllers. The way that the SQL is executed is really dangerous.
-
-
@' and 1=1 and 1 '
WLsix updated
6 years ago
-
https://github.com/integer-class/final-project-group-5/blob/3f1cec0108819771b73c3a08e8ad0f2fbef79728/e-canteen-jti/app/models/UserModel.php#L16
-
![image](https://user-images.githubusercontent.com/67494127/161883346-89fcf6b9-d943-4f39-873e-905868b1223b.png)
-
SQL Injection
-
Hey Nadya!
You have this API call: /online_game/public/getnickname.php?playernum=1
Which receives a GET parameter here:
https://github.com/nprimak/hnefatafl/blob/master/online_game/public/getnicknam…
-
The system is still very susceptible to SQL injection.
I suggest something like:
- Use PDO instead of plain mysqli. The "Connection" class can be a **singleton** for PDO.
- Use PDO::bindValue or PDO::bi…