ENGO150/FabrikaHradekTour
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

preventing from sql injection in APIs

Browse Source 
whoopsie
This commit is contained in:
Václav Šmejkal 2024-05-25 15:49:49 +02:00
parent a51c40fc48
commit bf9df61909
Signed by: ENGO150
GPG Key ID: 4A57E86482968843
3 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
res/forum/api/remove_user.php
View File

@ -17,7 +17,9 @@ if ($out -> num_rows != 1)
if (!isset($_GET["username"])) return; if (!isset($_GET["username"])) return;
$user_info_id = (($database -> query("SELECT user_info FROM user WHERE BINARY username=\"" . $_GET["username"] . "\"")) -> fetch_assoc())["user_info"]; $safe_username = mysqli_real_escape_string($database, $_GET["username"]);
$user_info_id = (($database -> query("SELECT user_info FROM user WHERE BINARY username=\"" . $safe_username . "\"")) -> fetch_assoc())["user_info"];
$database -> query("DELETE FROM user WHERE user_info=" . $user_info_id); $database -> query("DELETE FROM user WHERE user_info=" . $user_info_id);
$database -> query("DELETE FROM user_info WHERE id=" . $user_info_id); $database -> query("DELETE FROM user_info WHERE id=" . $user_info_id);

13
res/forum/api/update_user.php
View File

@ -22,7 +22,14 @@ if ($out -> num_rows != 1 && $_GET["old_username"] != $_SESSION["username"])
$user = true; $user = true;
} }
$user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $_GET["old_username"] . "\"")) -> fetch_assoc())["user_info"]; $safe_old_username = mysqli_real_escape_string($database, $_GET["old_username"]);
$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
$safe_admin = mysqli_real_escape_string($database, $_GET["admin"]);
$safe_sex = mysqli_real_escape_string($database, $_GET["sex"]); //fr
$safe_bio = mysqli_real_escape_string($database, $_GET["bio"]);
$safe_nickname = mysqli_real_escape_string($database, $_GET["nickname"]);
if (!$user) $database -> query("UPDATE user SET username=\"" . $_GET["username"] . "\", admin=" . $_GET["admin"] . " WHERE user_info=" . $user_info_id); $user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $safe_old_username . "\"")) -> fetch_assoc())["user_info"];
$database -> query("UPDATE user_info SET sex=" . $_GET["sex"] . ", bio=\"" . $_GET["bio"] . "\", nickname=\"" . $_GET["nickname"] . "\" WHERE id=" . $user_info_id);
if (!$user) $database -> query("UPDATE user SET username=\"" . $safe_username . "\", admin=" . $safe_admin . " WHERE user_info=" . $user_info_id);
$database -> query("UPDATE user_info SET sex=" . $safe_sex . ", bio=\"" . $safe_bio . "\", nickname=\"" . $safe_nickname . "\" WHERE id=" . $user_info_id);

4
res/forum/api/user_info.php
View File

@ -17,7 +17,9 @@ if ($out -> num_rows != 1 && $_GET["username"] != $_SESSION["username"])
return; return;
} }
$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $_GET["username"] . "\""); $safe_username = mysqli_real_escape_string($database, $_GET["username"]);
$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $safe_username . "\"");
$output = array(); $output = array();
$res = $out -> fetch_assoc(); $res = $out -> fetch_assoc();