real_escape_string() to prevent SQL injections on database.
 Removed old welcomeEmail.php
aeharding@gmail.com committed Mar 21, 2013
1 parent 9d224af commit 096de58
Showing 6 changed files with 15 additions and 20 deletions.
Binary file modified webserver/img/Thumbs.db
Binary file not shown.
9 changes: 8 additions & 1 deletion webserver/student/index.php
@@ -14,13 +14,20 @@
$error = false;
$errorMsg = '';


if(strlen($student) > 4) {

// Prevent SQL Injections
$session = $con->real_escape_string($session);
$student = $con->real_escape_string($student);

$sql="SELECT count(1) FROM sessions WHERE s_sid='" . $session . "'";

if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error());
}



$result = $con->query($sql);
$row = $result->fetch_array(MYSQLI_NUM);
$total = $row[0];
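Review bot: The lookup on `sessions` is still built by concatenating `$session` into the SQL string, so its safety depends on the value always staying inside quotes and on the connection character set matching what `real_escape_string()` assumes; a prepared statement with a bound parameter removes both conditions. The same concatenation pattern appears in `checkID()` in webserver/teacher/create.php and in the login query in webserver/teacher/login.php. In the context lines the query is also executed twice (`mysqli_query($con,$sql)` and then `$con->query($sql)`), and `mysqli_error()` is called without the connection argument, so the error branch cannot report the failure as written and is otherwise set up to echo database details to the client. The enclosing `if(strlen($student) > 4)` block continues outside the hunk, where `$student` is presumably used in a further query that would need the same treatment.

```php
// … unchanged: $error / $errorMsg setup and the strlen($student) check …
$stmt = $con->prepare("SELECT count(1) FROM sessions WHERE s_sid = ?");
if ($stmt === false) {
    // Keep driver details in the server log, not in the response.
    error_log('sessions lookup failed to prepare: ' . $con->error);
    die('Error: database query failed');
}
$stmt->bind_param('s', $session);
$stmt->execute();
$stmt->bind_result($total);
$stmt->fetch();
$stmt->close();
```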
2 changes: 1 addition & 1 deletion webserver/teacher/create.php
@@ -1,7 +1,7 @@
<?php

function checkID($con,$id_check) {
$id_check = $con->real_escape_string($id_check);
$id_check = $con->real_escape_string($id_check); // Prevent SQL Injections
$query = "SELECT * FROM sessions WHERE s_sid='" . $id_check . "'";
$result = $con->query($query);
if(count($result->fetch_array(MYSQLI_NUM)) > 0) {
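Review bot: In `checkID()`, `count($result->fetch_array(MYSQLI_NUM)) > 0` is handed `null` whenever no row matches, because `fetch_array()` returns `null` at the end of the result set; `count(null)` raises a warning from PHP 7.2 and a `TypeError` in PHP 8, and `$result` itself is `false` if the query fails. Testing `$result !== false && $result->num_rows > 0` states the intent without relying on that behaviour. The function body continues outside the hunk.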
2 changes: 1 addition & 1 deletion webserver/teacher/email/welcome.php
@@ -1,5 +1,5 @@
<?php
/* ONLY USED BY CREATE.PHP, expects:
/* ONLY USED BY ../CREATE.PHP, expects:
1. $email: Email of user
2. $id: Class session name
3. $pass: Specified password for $id
5 changes: 5 additions & 0 deletions webserver/teacher/login.php
@@ -15,6 +15,11 @@

$session = $_POST['sid'];
$pass = $_POST['pass'];

// Prevent SQL Injections
$session = $con->real_escape_string($session);
$pass = $con->real_escape_string($pass);


$sql="SELECT count(1) FROM sessions WHERE s_sid='" . $session . "' AND s_pass='" . $pass . "'";

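Review bot: The login query compares the submitted value against the `s_pass` column directly (`AND s_pass='" . $pass . "'`), which suggests the session password is stored as entered rather than as a hash, and escaping does not change that. Storing `password_hash($pass, PASSWORD_DEFAULT)` when the session is created, then selecting `s_pass` by `s_sid` here and checking it with `password_verify($_POST['pass'], $storedHash)`, would keep a database leak from exposing usable passwords. `$_POST['sid']` and `$_POST['pass']` are also read without an `isset()` check, so a request missing either field reaches the escaping calls as null. The rest of the login flow is outside the hunk.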
17 changes: 0 additions & 17 deletions webserver/teacher/welcomeEmail.php

This file was deleted.
