HashenUdara / edoc-doctor-appointment-system

This PHP-based open source project is a web application for booking medical appointments. Patients can use the platform to easily schedule appointments with their doctors, saving time and effort. The project's source code is open for anyone to use, modify, and distribute according to their needs.
MIT License
312 stars 120 forks

Found a vulnerability #35

Open bacskaicsaba91 opened 12 months ago

bacskaicsaba91 commented 12 months ago

patient/schedule.php

```php
include("../connection.php");
$sqlmain= "select * from patient where pemail=?";
$stmt = $database->prepare($sqlmain);
$stmt->bind_param("s",$useremail);
$stmt->execute();
$result = $stmt->get_result();
$userfetch=$userrow->fetch_assoc();
$userid= $userfetch["pid"];
$username=$userfetch["pname"];
```

Error: Warning: Undefined variable $userrow in /Applications/MAMP/htdocs/edoc/patient/schedule.php on line 47

Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in patient/schedule.php:47 Stack trace: #0 {main} patient/schedule.php on line 47
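
An added example (not part of the original post or the project's code): the same lookup with the row read from `$result`, the variable that `get_result()` actually filled, and with the no-match case handled instead of dereferencing null. `find_patient_by_email` is a hypothetical helper; `$database` is assumed to be the mysqli connection from connection.php and `$useremail` is assumed to be set earlier in the script.

```php
<?php
// Added example, not the project's code.
declare(strict_types=1);

/**
 * Return the patient row for $useremail, or null when no row matches.
 * Hypothetical helper; $database is assumed to be the mysqli connection
 * created by connection.php.
 */
function find_patient_by_email(mysqli $database, string $useremail): ?array
{
    $stmt = $database->prepare("select * from patient where pemail=?");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed");
    }
    $stmt->bind_param("s", $useremail);
    if (!$stmt->execute()) {
        throw new RuntimeException("execute failed");
    }
    $result = $stmt->get_result();
    if ($result === false) {
        throw new RuntimeException("get_result failed");
    }
    // fetch_assoc() returns an array for a row, null when there is none.
    $row = $result->fetch_assoc();
    $stmt->close();
    return is_array($row) ? $row : null;
}

include("../connection.php"); // provides $database, as in the original file
// Assumption: $useremail is set earlier in the script; the excerpt does not show where.
$userfetch = find_patient_by_email($database, $useremail);
if ($userfetch === null) {
    // No patient for this e-mail: stop here rather than index into null.
    http_response_code(403);
    exit("Unknown patient account.");
}
$userid   = $userfetch["pid"];
$username = $userfetch["pname"];
```

If messages like the ones quoted above reach the browser, they expose the server's file path; in production, set `display_errors` off and `log_errors` on so they go to the log instead.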

xkiptoo commented 10 months ago

The code in "patient/schedule.php" has been commented out. Have you managed to get it to run?