Closed anushkasaxena07 closed 4 months ago
Needs more work - Please let me know if you have any trouble setting it up on your local and we can chat over discord
@aswinikalyan30 sorry for my negligence, please have a look now. Is it fine?
Hey @anushkasaxena07 - any progress?
Still working on it
Hey @anushkasaxena07, this has been open for too long; if you're not able to solve it, we will assign it to someone else.
Closing this PR as no working changes have been made for more than 2 weeks and it is blocking contributions from others.
PR Description
The issue with the existing code is that it directly inserts user input into SQL queries, making it vulnerable to SQL injection attacks. To address this, the code needs to be refactored to use prepared statements with parameter binding. Prepared statements separate SQL logic from data, preventing malicious SQL code injection.
Solution:
Here's how to solve the issue:
save_progress() function:
delete_progress() function:
save_restriction() function:
save_evaluation() function:
get_class() function:
get_report() function:
These changes ensure that user input is properly sanitized and the application is protected from SQL injection attacks. Prepared statements with parameter binding handle user data safely, preventing malicious SQL injection attempts.
Related Issues: Avoiding SQL injections using prepared statements of MySQLi #30. Closes https://github.com/SaiyamTuteja/Faculty_Evaluation_System/issues/30
Linked issues: #30, #33
Checklist
[x] I have gone through the contributing guide
[x] I have updated my branch and synced it with project main branch before making this PR
[x] Is this a bug fix/enhancement/documentation changes
[x] Part of GSSOC
[x] Tested for any breaking changes
[x] Other relevant checks completed
Undertaking
I declare that:
The content I am submitting is original and has not been plagiarized. No portion of the work has been copied from any other source without proper attribution. The work has been checked for plagiarism, and I assure its authenticity. I understand that any violation of this undertaking may have legal consequences that I will bear and could result in the withdrawal of any recognition associated with the work.
[x] I Agree
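The PR description above argues for replacing string-built SQL with MySQLi prepared statements but the function bodies did not survive on this page. The following is an added example, not code from this PR or from the Faculty_Evaluation_System project, showing the pattern on a save_progress()-style write and a get_class()-style read; the table and column names (progress, classes, student_id, course_id, status, id, name) and the connection credentials are placeholders, since the real schema is not on this page.

```php
<?php
// Added example (not the PR's code). Table/column names are assumed placeholders.
// Throw on MySQL errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// BEFORE: the kind of code the PR describes. $status, $studentId and $courseId
// are pasted into the SQL text, so a quote character inside any of them ends the
// string literal and the remainder of the value is parsed as SQL.
function save_progress_vulnerable(mysqli $db, string $studentId, string $courseId, string $status): bool
{
    $sql = "UPDATE progress SET status = '$status' "
         . "WHERE student_id = '$studentId' AND course_id = '$courseId'";
    return $db->query($sql) !== false;
}

// AFTER: the SQL text contains only '?' placeholders and is parsed by the server
// before any user data is seen; values are bound afterwards and can only ever be
// data, never part of the statement structure.
function save_progress(mysqli $db, int $studentId, int $courseId, string $status): bool
{
    $stmt = $db->prepare('UPDATE progress SET status = ? WHERE student_id = ? AND course_id = ?');
    // Type string: one character per placeholder, s = string, i = integer.
    $stmt->bind_param('sii', $status, $studentId, $courseId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Reads follow the same pattern. get_result() requires the mysqlnd driver,
// which is the default in modern PHP builds.
function get_class(mysqli $db, int $classId): array
{
    $stmt = $db->prepare('SELECT id, name FROM classes WHERE id = ?');
    $stmt->bind_param('i', $classId);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Placeholder connection details; replace with the project's own configuration.
$db = new mysqli('localhost', 'db_user', 'db_password', 'faculty_evaluation');
// Values come straight from the request and are still safe: they are bound, not interpolated.
save_progress($db, (int) ($_POST['student_id'] ?? 0), (int) ($_POST['course_id'] ?? 0), (string) ($_POST['status'] ?? ''));
print_r(get_class($db, (int) ($_GET['class_id'] ?? 0)));
```

Casting the numeric inputs to int before binding is independent of the injection fix; the 'i' type in bind_param is what guarantees MySQL treats the value as an integer.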