

prevent sql injection
brandonfire committed Jan 23, 2015
1 parent 7838dbb commit 307c5d5
Showing 1 changed file with 27 additions and 12 deletions.
39 changes: 27 additions & 12 deletions inc/model.php
Expand Up @@ -14,8 +14,9 @@ public function __construct($db_name){
function select_single_rna($new){

try {
$results = $this->db->query("SELECT * FROM `mirna` WHERE Name = '$new'");

$results = $this->db->prepare("SELECT * FROM `mirna` WHERE Name = ?");
$results->bindParam(1,$new);
$results->execute();
} catch(Exception $e)
{
echo"Could not query the database.";
Expand All @@ -25,14 +26,19 @@ function select_single_rna($new){
return $mirnas;
}

function count_rna($name,$tissue){
function count_rna($name,$tissue,$onc=''){
try {
if($tissue == "all"){
$total = $this->db->query("SELECT count(*) FROM mirna WHERE Name LIKE '%$name%'");

$total = $this->db->prepare("SELECT count(*) FROM mirna WHERE Name LIKE ? AND Cancer_Effect LIKE ?");
$total->bindValue(1,"%" . $name . "%");
$total->bindValue(2,"%" . $onc . "%");
$total->execute();
} else {
$total = $this->db->query("SELECT count(*) FROM mirna WHERE Name LIKE '%$name%' AND tissue = '$tissue'");

$total = $this->db->prepare("SELECT count(*) FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer_Effect LIKE ?");
$total->bindValue(1,"%" . $name . "%");
$total->bindParam(2,$tissue);
$total->bindValue(3,"%" . $onc . "%");
$total->execute();
}
} catch(Exception $e){
echo"Could not query the database.";
Expand All @@ -42,14 +48,23 @@ function count_rna($name,$tissue){
$total_n = intval($arr[0]["count(*)"]);
return $total_n;
}
function select_rnas($name,$tissue,$records_perpage=100,$c_p=0){
function select_rnas($name,$tissue,$records_perpage=100,$c_p=0,$onc=''){
try {
if($tissue == "all"){
$results = $this->db->query("SELECT * FROM mirna WHERE Name LIKE '%$name%' ORDER BY databaseid ASC LIMIT $records_perpage OFFSET $c_p");

$results = $this->db->prepare("SELECT * FROM mirna WHERE Name LIKE ? AND Cancer_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?");
$results->bindValue(1,"%" . $name . "%");
$results->bindValue(2,"%" . $onc . "%");
$results->bindParam(3,$records_perpage,PDO::PARAM_INT);
$results->bindParam(4,$c_p,PDO::PARAM_INT);
$results->execute();
} else {
$results = $this->db->query("SELECT * FROM mirna WHERE Name LIKE '%$name%' AND tissue = '$tissue' ORDER BY databaseid ASC LIMIT $records_perpage OFFSET $c_p");

$results = $this->db->prepare("SELECT * FROM mirna WHERE Name LIKE ? AND tissue = ? AND Cancer_Effect LIKE ? ORDER BY databaseid ASC LIMIT ? OFFSET ?");
$results->bindValue(1,"%" . $name . "%");
$total->bindParam(2,$tissue);
$results->bindValue(3,"%" . $onc . "%");
$results->bindParam(4,$records_perpage,PDO::PARAM_INT);
$results->bindParam(5,$c_p,PDO::PARAM_INT);
$results->execute();
}
} catch(Exception $e){
echo"Could not query the database.";
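Review bot: In the `else` branch of select_rnas the tissue placeholder is bound on `$total`, which is not defined in that function, so the call fails and parameter 2 is never bound; the line should read `$results->bindParam(2,$tissue);`. The `LIMIT ? OFFSET ?` bindings pass `$records_perpage` and `$c_p` with PDO::PARAM_INT but no cast, and if these arrive as strings from the request the emulated-prepare path quotes them and MySQL rejects the LIMIT clause; binding `(int)$records_perpage` and `(int)$c_p` with bindValue avoids that. The new `$onc=''` default makes count_rna and select_rnas append `Cancer_Effect LIKE '%%'`, which, assuming that column is nullable, drops rows whose Cancer_Effect is NULL compared with the pre-patch queries, and `%`/`_` inside `$name` or `$onc` are still interpreted as wildcards rather than literals. Both count_rna and select_rnas continue past the hunks, including the catch blocks that only echo and fall through to the fetch.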
