kalevias / MyCollege

CSI 4999 - Senior Capstone Project

Database query code should use prepared statements #32

Closed. kalevias closed this issue 6 years ago

kalevias commented 6 years ago

PHP code used to query the database should be written using prepared statements rather than simple variable concatenation in SQL statement creation. Using prepared statements protects against SQL code injection, and makes it nigh-impossible to occur. Currently, our database is vulnerable to code injection based on the code in https://github.com/jnick1/MyCollege/commit/3c708bdf39037e7988d3348147ad31efc86b7fd3.
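The two patterns contrasted in the issue, as an added example that is not code from the MyCollege repository. It uses an in-memory SQLite database through PDO so it runs offline; the `students` table, its rows and the `findByLastName*` function names are constructed for the illustration, and a MySQL connection would be wired in the same way.

```php
<?php
// Added example (not the project's code): string concatenation beside the
// prepared-statement replacement. SQLite in memory keeps it self-contained;
// the table and rows below are constructed sample data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, last_name TEXT NOT NULL, gpa REAL)');
$seed = $db->prepare('INSERT INTO students (last_name, gpa) VALUES (?, ?)');
foreach ([['Smith', 3.4], ["O'Brien", 3.9], ['Lee', 2.8]] as $row) {
    $seed->execute($row);
}

// The pattern the issue objects to: user input spliced into the SQL text, so the
// database parser cannot tell where the data ends and the statement resumes.
function findByLastNameUnsafe(PDO $db, string $lastName): array
{
    $sql = "SELECT id, last_name, gpa FROM students WHERE last_name = '" . $lastName . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and compiled first; the value is
// bound afterwards and reaches the engine only as a parameter, never as SQL.
function findByLastNameSafe(PDO $db, string $lastName): array
{
    $stmt = $db->prepare('SELECT id, last_name, gpa FROM students WHERE last_name = :last_name');
    $stmt->bindValue(':last_name', $lastName, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A perfectly legitimate name containing an apostrophe is enough to show the
// difference: it is data to the prepared query and syntax to the concatenated one.
$input = "O'Brien";

try {
    findByLastNameUnsafe($db, $input);
} catch (PDOException $e) {
    // The apostrophe closed the string literal early; the remainder was parsed as SQL.
    echo 'concatenated query failed: ' . $e->getMessage() . PHP_EOL;
}

$rows = findByLastNameSafe($db, $input);
echo 'prepared query matched ' . count($rows) . ' row(s): ' . json_encode($rows) . PHP_EOL;
```

With MySQL, the only changes are the DSN and setting `PDO::ATTR_EMULATE_PREPARES` to `false` so that binding happens on the server rather than by client-side quoting. Note the limit of the technique: placeholders cover values only, so a table or column name, or an `ORDER BY` direction, that comes from user input still has to be checked against a fixed whitelist in PHP before it is inserted into the query text.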

oakland-poduska commented 6 years ago

All queries in the code have been switched over to prepared statements and will continue in the future.