SQL-Injection Vulnerability #1

@cintoros

Description

Hello

I found possible SQL-injection vulnerabilities in your project.
See https://www.php.net/manual/en/security.database.sql-injection.php for examples.

They can be fixed by using prepared statements; see https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
For example:

// $mysqli is the open mysqli connection; prepare() needs it (mysqli_prepare() takes it as first argument)
$stmt = $mysqli->prepare("SELECT email_id FROM career_post WHERE email_id = ?");
$stmt->bind_param("s", $email_check);   // "s": bind $email_check as a string, never spliced into the SQL text
$stmt->execute();
if ($query_select_run = $stmt->get_result()) {

instead of

$query_select = "SELECT email_id FROM career_post WHERE email_id='$email_check'";
if ($query_select_run = mysql_query($query_select)) {
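The two patterns from the report side by side, as an added example that is not code from the issue or from the project: the string-spliced query (kept as the vulnerable "before") next to the prepared-statement version, each wrapped in a function so the difference is isolated. The table and column names (career_post, email_id) are taken from the issue; the connection credentials, the function names and the form field name are placeholders.

```php
<?php
// Added example (not from the issue or the project). Table/column names come from
// the report; connection details, function names and the form field are placeholders.
declare(strict_types=1);

// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Vulnerable (the reported pattern): $emailCheck is spliced into the SQL text, so a
// value containing a single quote changes the structure of the query itself.
function emailExistsVulnerable(mysqli $db, string $emailCheck): bool
{
    $sql = "SELECT email_id FROM career_post WHERE email_id='$emailCheck'";
    $result = $db->query($sql);
    return $result->num_rows > 0;
}

// Hardened: the SQL text is fixed when the statement is prepared; the value travels
// separately as a bound parameter and is never parsed as SQL by the server.
function emailExistsSafe(mysqli $db, string $emailCheck): bool
{
    $stmt = $db->prepare("SELECT email_id FROM career_post WHERE email_id = ?");
    $stmt->bind_param("s", $emailCheck);      // "s" = string parameter
    $stmt->execute();
    $result = $stmt->get_result();            // requires the mysqlnd driver
    $found = $result->num_rows > 0;
    $stmt->close();
    return $found;
}

// Usage with placeholder credentials; the input is read the way a form field would be.
$db = new mysqli("localhost", "db_user", "db_password", "db_name");
$db->set_charset("utf8mb4");

$input = $_POST['email_id'] ?? '';
var_dump(emailExistsSafe($db, $input));
```

Enabling `MYSQLI_REPORT_STRICT` matters in practice: without it, `prepare()` and `execute()` return `false` on failure and a later `get_result()` call on `false` is the first visible symptom, which is easy to misread as "no rows found".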
