login.php sql injection prevention
rleh committed Feb 3, 2015
1 parent edda78b commit fa0d9bc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion api1/login.php
@@ -21,7 +21,7 @@
$pw = $my->real_escape_string($_GET["password"]);
}
$success = false;
$query = "SELECT `password` FROM `admin_users` WHERE `name` = '".$_GET["user"]."';";
$query = "SELECT `password` FROM `admin_users` WHERE `name` = '".$my->real_escape_string($_GET["user"])."';";
$result = $my->query($query);
if($result->num_rows >= 1){
// possible multiple users with same name but different password -> multiple rows in MySQL db
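Review bot: The query on the changed line is still assembled by string concatenation, so its safety rests on `real_escape_string` and on the connection character set having been set with `set_charset()` (not visible in this hunk); a prepared statement with a bound `name` parameter removes that dependency. Assuming `$my` is a `mysqli` connection, the replacement below covers the changed line and the `query()` call after it; `get_result()` needs the mysqlnd driver. Separately, the username and password are read from `$_GET`, so they end up in server access logs and browser history, which reading them from `$_POST` over HTTPS would avoid. The escaped `$pw` at the top of the hunk is only appropriate if the value goes into SQL; if it is compared in PHP, the raw value should be checked with `password_verify()` or `hash_equals()` instead. The enclosing block starts and ends outside the hunk.

```php
// replaces the concatenated $query string and the $my->query($query) call
$stmt = $my->prepare("SELECT `password` FROM `admin_users` WHERE `name` = ?");
$stmt->bind_param("s", $_GET["user"]);
$stmt->execute();
$result = $stmt->get_result();
// … unchanged: num_rows check and password comparison …
```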
