jevenson-github / WEB-BASED-CMS-AND-NEWS-PORTAL-FOR-CURSOR-PUBLICATION-THESIS-2022

A web-based student publication system for Bulacan State University College of Information and Communications Technology (BulSU-CICT). Through a series of pitching and formal interviews with the client, the project improved CURSOR Publication’s editorial process by reducing time spent on content entry, searching, and administration.

SQL Queries prone to SQL Injection #1

Open kevinkimdevera opened 1 year ago

kevinkimdevera commented 1 year ago

https://github.com/jevenson-github/Web-Based-CMS-and-News-Portal-for-Cursor-Publication-using-PHP-AJAX-and-Tailwind/blob/da34802c87734b325ef41d117e3a35b0c05a3ee2/cms/auth/checkUsername.php#L7

You must use prepared statements

kevinkimdevera commented 1 year ago

https://github.com/jevenson-github/Web-Based-CMS-and-News-Portal-for-Cursor-Publication-using-PHP-AJAX-and-Tailwind/blob/da34802c87734b325ef41d117e3a35b0c05a3ee2/cms/auth/session.php#L81

https://github.com/jevenson-github/Web-Based-CMS-and-News-Portal-for-Cursor-Publication-using-PHP-AJAX-and-Tailwind/blob/da34802c87734b325ef41d117e3a35b0c05a3ee2/cms/auth/session.php#L105

kevinkimdevera commented 1 year ago

https://github.com/jevenson-github/Web-Based-CMS-and-News-Portal-for-Cursor-Publication-using-PHP-AJAX-and-Tailwind/blob/da34802c87734b325ef41d117e3a35b0c05a3ee2/cms/auth/signOut.php#L10

kevinkimdevera commented 1 year ago

// Parameterized form of the query: the SQL text is fixed at prepare time and
// the user-supplied values are bound separately, so they can only be data.
$stmt = $mysqli->prepare("SELECT * FROM myTable WHERE name = ? AND age = ?");
$stmt->bind_param("si", $name, $age); // "s" = string for $name, "i" = integer for $age
$stmt->execute();
$stmt->close();
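To make the point of this thread concrete, the following is an added example (not code from the repository and not the commenter's snippet) showing a username-exists check in its string-interpolated form beside the prepared-statement form. It uses PDO with an in-memory SQLite database so it runs offline without a MySQL server; the `users` table, the `editor01` account and the three test inputs are all constructed here, and the script assumes the `pdo_sqlite` extension is available. The repository uses mysqli, where the safe version maps directly onto `$mysqli->prepare()`, `bind_param()` and `execute()` as shown in the comment above.

```php
<?php
// Added example, not from the repository: username-exists check written two
// ways against an in-memory SQLite database (PDO) so it runs stand-alone.
declare(strict_types=1);

// Constructed sample data: one user account.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('editor01')");

// VULNERABLE: the untrusted value is interpolated into the SQL text, so a
// quote character in the input terminates the string literal and whatever
// follows is parsed as SQL rather than compared as a username.
function usernameExistsVulnerable(PDO $pdo, string $username): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$username'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// FIXED: the SQL text is fixed when the statement is prepared; the value is
// sent as a bound parameter and is only ever compared as data. This is the
// PDO equivalent of mysqli's prepare() / bind_param() / execute().
function usernameExistsSafe(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed inputs: a real account, a missing account, and a value that
// contains a quote character so the two implementations diverge.
$inputs = [
    'editor01',
    'nobody',
    "x' OR '1'='1",
];

foreach ($inputs as $input) {
    printf(
        "%-16s vulnerable=%-5s safe=%s\n",
        var_export($input, true),
        usernameExistsVulnerable($pdo, $input) ? 'true' : 'false',
        usernameExistsSafe($pdo, $input) ? 'true' : 'false'
    );
}
```

Run it with `php example.php`. The first two inputs give the same answer from both functions. For the third, the interpolated query's `WHERE` clause becomes `username = 'x' OR '1'='1'`, which is true for every row, so the vulnerable check reports that the user exists while the prepared statement correctly reports that no such username is stored. The detection lesson for reviewing `checkUsername.php`, `session.php` and `signOut.php` is the same: any query built with `"..." . $var . "..."` or `"... $var ..."` from request data is a finding, regardless of what the surrounding code does with the result.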