fix sql-injection
BlackBeanie21 committed Sep 28, 2021
1 parent ef5af2c commit 759c30b
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions server/index.php
@@ -92,7 +92,7 @@ public function get_info($interval) {
FROM phone_home_tb ";

if ($interval!=='1') {
$sql .= " WHERE reg_date >= DATE_SUB(CURDATE(), INTERVAL $interval DAY)";
$sql .= " WHERE reg_date >= DATE_SUB(CURDATE(), INTERVAL :interval DAY)";
}

$sql .= " GROUP BY release_tag, country_code
@@ -103,7 +103,7 @@ public function get_info($interval) {
$stmt = $conn->prepare($sql);

// execute query
$stmt->execute();
$stmt->execute(array(':interval' => intval($interval)));

// create new empty array
$infos = array();
@@ -148,8 +148,8 @@ public function get_country_coor($country_code) {
FROM country_name_map
WHERE code = '$country_code'";
}
WHERE code = ':country_code'";
}
catch(PDOException $e) {
echo $e->getMessage();
}
@@ -158,7 +158,7 @@ public function get_country_coor($country_code) {
$stmt = $conn->prepare($sql);

// execute query
$stmt->execute();
$stmt->execute(array(':country_code' => $country_code));

// create new empty array
$infos = array();
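Review bot: In the third hunk the new line `WHERE code = ':country_code'";` keeps the single quotes around the placeholder, so PDO sees a string literal rather than a parameter and the value passed to `execute()` in the fourth hunk is never bound; the line should read `WHERE code = :country_code";`. As written the lookup compares against the literal text `:country_code`, and PDO will typically reject the extra bound value with an invalid-parameter-number error, so the injection is closed only by breaking the query. The first two hunks have a related mismatch: `:interval` is added to the SQL only when `$interval!=='1'`, but `execute(array(':interval' => intval($interval)))` always passes it, so the `'1'` path likely fails the same way; build the array conditionally, e.g. `$params = ($interval!=='1') ? array(':interval' => intval($interval)) : array();` then `$stmt->execute($params);`. Both functions start and end outside the visible hunks, so the PDO error mode and any caller-side validation of `$interval` could not be checked from here.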