Merge pull request #11 from dbursem/master
Fixed SQL injection vulnerabilities by using PDO statements
cunimb committed Feb 7, 2015
2 parents db210f3 + b1dd4b1 commit bc0f199
Showing 4 changed files with 81 additions and 63 deletions.
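--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+config.php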
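--- a/config.php
+++ b/config.php
@@ -0,0 +1,9 @@
+<?php
+
+$cfg = [
+"db_type" => 'mysql',
+"db_host" => 'localhost',
+"db_user" => '',
+"db_pass" => '',
+"db_name" => '',
+];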
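Review bot: `config.php` is committed in this same change while also being listed in the new `.gitignore`, and Git does not ignore a file it already tracks, so the real `db_user`/`db_pass` values a deployer types into this file will still show up as a modification and can be committed by accident. The usual pattern is to commit only a template (for example a `config.example.php`) and keep the live `config.php` untracked from the start; if this file is meant to stay a template, `git rm --cached config.php` is needed before the ignore rule has any effect. It would also help to note in a comment at the top of the file that it is a template whose filled-in copy must not be committed.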
97 changes: 49 additions & 48 deletions index.php
@@ -1,61 +1,64 @@
<?php
$link="";
require('sql.php');
ouvrebase();

if (isset($_GET['rec'])) { $recc="'&r=".$_GET['rec']."'"; $reqc=" AND rec='".$_GET['rec']."'"; } else { $recc = "\"\""; $reqc=""; }
if (isset($_GET['pw'])) { $parc="'&p=".$_GET['pw']."'"; } else { $parc = "\"\""; }

$q="select * from live where tim > 0";

if (isset($_GET['rec']))
{
$recc="'&r=".$_GET['rec']."'";
$q .=" AND rec=?";
$params[] = $_GET['rec'];
}
else
{
$recc = "\"\"";
}

$req="select * from live where tim > 0";
$req.=$reqc;
if (isset($_GET['pw']))
{
$parc="'&p=".$_GET['pw']."'";
}
else
{
$parc = "\"\"";
}


$latmax=$latmin=$lonmax=$lonmin=0;

if (!$result=@mysql_query ($req))
{
echo "<BR><BR><CENTER>Request error $req</CENTER><BR><BR>";
@mysql_close($link);
exit();
}


if (@mysql_num_rows($result)==0)
{
$latmax=60;
$latmin=35;
$lonmax=30;
$lonmin=-10;
$lon=2;
$lat=45;


}
$stmt = $dbh->prepare($q);
$stmt->execute($params);

if ($stmt->rowCount() == 0)
{
$latmax=60;
$latmin=35;
$lonmax=30;
$lonmin=-10;
$lon=2;
$lat=45;
}
else
{

$aa=0;

while($ligne = @mysql_fetch_array($result))
{
$aa=0;
while($ligne = $stmt->fetch(PDO::FETCH_ASSOC))
{
extract($ligne);
if ($aa==0)
{
$latmax=$latmin=$lat;
$lonmax=$lonmin=$lon;
$aa=1;
}
else
{
if ($lat>$latmax) $latmax=$lat;
if ($lat<$latmin) $latmin=$lat;
if ($lon>$lonmax) $lonmax=$lon;
if ($lon<$lonmin) $lonmin=$lon;
}
extract($ligne);
if ($aa==0)
{
$latmax=$latmin=$lat;
$lonmax=$lonmin=$lon;
$aa=1;
}
else
{
if ($lat>$latmax) $latmax=$lat;
if ($lat<$latmin) $latmin=$lat;
if ($lon>$lonmax) $lonmax=$lon;
if ($lon<$lonmin) $lonmin=$lon;
}
}
}
}


echo "<!DOCTYPE html>
Expand Down Expand Up @@ -123,5 +126,3 @@
</body>
</html>";
@mysql_close($link);
?>
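Review bot: `$params` is only assigned inside the `isset($_GET['rec'])` branch, so when `rec` is absent `$stmt->execute($params)` reads an undefined variable; initialise it with `$params = [];` just before the `$q="select * from live where tim > 0";` line. The `$recc` and `$parc` strings are still concatenated from raw `$_GET` values and, from their `'&r=...'` shape, appear to be emitted into the page later (outside this hunk), so the fix covers the SQL context but those values still need escaping for the HTML/JS context where they are output. `extract($ligne)` on every fetched row imports each column of `live` as a local and can silently shadow `$stmt`, `$aa` or the bounding-box variables if the table gains a column with one of those names; reading `$ligne['lat']` and `$ligne['lon']` explicitly avoids that. Note also that PDO does not guarantee `rowCount()` for a SELECT on every driver, so testing whether the first `fetch()` returns `false` is the portable way to detect an empty result.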
36 changes: 21 additions & 15 deletions sql.php
@@ -1,23 +1,29 @@
<?php
function ouvrebase()
{
// **************** Connexion et ouverture de la base ************************
global $link;
//if (!($link = @mysql_connect( ))) // en local
if (!($link = @mysql_connect("****hostname****", "****username****", "****password****" ))) //
{
include 'config.php';

try
{
$dbh = new PDO($cfg['db_type'].':host='.$cfg['db_host'].';dbname='.$cfg['db_name'], $cfg['db_user'], $cfg['db_pass']);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}

//legacy mysql_connect for non-released code:

$link;
if (!($link = @mysql_connect($cfg['db_host'], $cfg['db_user'], $cfg['db_pass'] ))) //
{
echo "<BR><BR><CENTER>Connection not possible</CENTER><BR><BR>";
@mysql_close($link);
exit();
}
}

if (!(@mysql_select_db ("****databasename****",$link)))
{
if (!(@mysql_select_db ($cfg['db_name'],$link)))
{
echo "<BR><BR><CENTER>Database access not possible</CENTER><BR><BR>";
@mysql_close($link);
exit();
}
// ***************************************************************************

}
?>
}
// ***************************************************************************
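Review bot: `$dbh` is assigned inside `ouvrebase()` with only `global $link;` declared and no return value, so as far as this hunk shows it goes out of scope when the function returns and index.php's `$dbh->prepare($q)` would be a method call on null; either add `global $dbh;` beside `global $link;` or, better, `return $dbh;` and have the caller assign it. The `catch (PDOException $e)` branch echoes `$e->getMessage()` to the client and then continues, which both discloses driver/host details and lets execution fall through to the legacy `mysql_connect`; log the message server-side and `exit()` with the same generic "Connection not possible" text the legacy branch already uses. The bare `$link;` statement before the legacy connect is a no-op and can be removed. `include 'config.php'` inside the function also makes `$cfg` function-local, which is fine here but means any other file needing the settings must include it again rather than rely on a global.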
