Commit 281a7c3f authored by Jonas Leder's avatar Jonas Leder

Merge branch 'jonasled-master-patch-15565' into 'master'

Fix two possible SQL injections

See merge request !10
parents b4371f8d 9c236bba
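--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -39,6 +39,7 @@ function blogPost($id, $conn)
 function blogPosts($count, $contentLength, $conn)
 {
     $response = [];
+    $count = $conn->real_escape_string($count);
     $result = $conn->query("SELECT * FROM posts order by id desc limit $count");
     if ($result->num_rows > 0) {
         while ($row = $result->fetch_assoc()) {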
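Review bot: The added `real_escape_string($count)` does not close the injection in this hunk, because `$count` is interpolated into an unquoted `LIMIT` position and escaping only neutralises quote and control characters — a non-numeric value still reaches the SQL text unchanged. The minimal fix is to coerce it, `$count = (int) $count;`, in place of the escaping line; the robust form is a prepared statement with an integer bind, shown below. The same reasoning applies to the `WHERE article='$article'` hunk in the second file, where escaping does work because the value is quoted, but a prepared statement would be the consistent choice for both. `blogPosts` continues past the end of this hunk, and `$conn->query()` returning `false` on error is still not checked before `->num_rows`.
```php
function blogPosts($count, $contentLength, $conn)
{
    $response = [];
    // LIMIT is an unquoted integer position: bind it as an int rather than escaping it.
    $stmt = $conn->prepare("SELECT * FROM posts order by id desc limit ?");
    $stmt->bind_param('i', $count);
    $stmt->execute();
    $result = $stmt->get_result();
    // … unchanged: row loop building $response …
```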
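--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -18,6 +18,7 @@ $commentField = new ObjectType([
 function comments($article, $conn)
 {
     $response = [];
+    $article = $conn->real_escape_string($article);
     $result = $conn->query("SELECT * FROM comments WHERE article='$article'");
     while ($row = $result->fetch_assoc()) {
         $commentElement = [
</function_update>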
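Review bot: The escaping added here is effective only because `$article` is wrapped in single quotes in the query, and `real_escape_string` is only correct when the connection character set has been set on `$conn` (via `set_charset`), which is not visible in this hunk — worth confirming at the connection setup. A prepared statement removes both dependencies: `$stmt = $conn->prepare("SELECT * FROM comments WHERE article=?");` followed by `$stmt->bind_param('s', $article);`, then `execute()` and `get_result()` in place of `$conn->query(...)`; adjust the bind type if `article` is an integer column. `comments` continues past the end of this hunk, and the `while` on the next line would fail if `query()` returned `false`.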