Open dbursem opened 9 years ago
I don't know if PDO is enabled on the server; Seb, can you confirm? Other scripts (not yet on GitHub) use sql.php; I need to publish them before managing all database access with PDO.
PDO should be enabled by default since 2005 or something so it probably is unless somebody explicitly compiled PHP without...
I added the mysqlconnect() functions back to the sql.php file so you can keep using it, but really you should look into this. The mysql functions have been deprecated since PHP 5.5 and better alternatives have been around for quite a while! I'm not much of a hacker but I still managed to do some very simple SQL injections on live.glidernet.org yesterday (nothing harmful).
If you release those other files, maybe I can look into them too. Would be nice to have a database schema though, so I can properly test it before committing.
PDO is supported by the webserver. You can check this on: http://live.glidernet.org/phpinfo.php
The code is vulnerable to SQL injection, use prepared statements for queries with user input!
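The prepared-statement advice above, as an added example that is not part of this thread or the project's code: a PDO query with a bound value, plus an allow-list for the one part of a query that cannot be bound (a column name). The `devices` table, its rows and the `findDevices` helper are hypothetical, and in-memory SQLite stands in for the project's MySQL database.

```php
<?php
// Constructed table and rows; in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so the server, not PHP, binds the parameters.
$pdo->exec('CREATE TABLE devices (id INTEGER PRIMARY KEY, callsign TEXT, owner TEXT)');
$pdo->exec("INSERT INTO devices (callsign, owner) VALUES ('PH-123', 'alice'), ('D-4567', 'bob')");

// Hypothetical helper: look up devices by owner, sorted by a caller-chosen column.
function findDevices(PDO $pdo, string $owner, string $sort = 'id'): array
{
    // Identifiers cannot be bound as parameters, so the sort column is
    // checked against a fixed allow-list before it is placed in the SQL text.
    $sortable = ['id', 'callsign', 'owner'];
    if (!in_array($sort, $sortable, true)) {
        $sort = 'id';
    }
    // The owner value travels separately from the SQL text and is never parsed as SQL.
    $stmt = $pdo->prepare(
        "SELECT id, callsign, owner FROM devices WHERE owner = :owner ORDER BY $sort"
    );
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A normal owner value matches its row.
var_dump(count(findDevices($pdo, 'alice')) === 1);
// A value containing quotes and SQL keywords is compared literally as an owner name.
var_dump(count(findDevices($pdo, "x' OR '1'='1")) === 0);
// A sort value outside the allow-list falls back to the default column.
var_dump(count(findDevices($pdo, 'bob', 'owner; DROP TABLE devices')) === 1);
```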