add real_escape_string function to sandbox validate file

waqaskanju · Apr 16, 2023 · 69d3442 · 69d3442
1 parent a734972
commit 69d3442
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 18 deletions.
diff --git a/edit_school.php b/edit_school.php
@@ -17,7 +17,7 @@
 require_once 'sand_box.php';
 $link=$LINK;
 
-if ($SCHOOL_CHANGES=="0") {
+if ($SCHOOL_CHANGES!=1) {
     echo '<div class="bg-danger text-center"> Not allowed!! </div>';
     exit;
 }

diff --git a/edit_school_class.php b/edit_school_class.php
@@ -19,7 +19,7 @@
 $selected_class=$CLASS_NAME;
 $selected_school=$SCHOOL_NAME;
 
-if ($SCHOOL_CHANGES=="0") {
+if ($SCHOOL_CHANGES!=1) {
     echo '<div class="bg-danger text-center"> Not allowed!! </div>';
     exit;
 }

diff --git a/functions.php b/functions.php
@@ -188,20 +188,6 @@ function redirection($sec,$url)
     header("refresh:$sec; url=$url");
 }
 
-/**
- * Validate Form Input;
- *
- * @param string $data Name of the class.
- *
- * @return string return clean data.
- */
-function Validate_input($data)
-{
-    $data = trim($data);
-    $data = stripslashes($data);
-    $data = htmlspecialchars($data);
-    return $data;
-}
 
 /**
  * Show Alert Message

diff --git a/new_code_test.php b/new_code_test.php
@@ -16,4 +16,13 @@
 
 require_once 'sand_box.php';
 $link=$LINK;
+
+
+
+echo $query = 'SELECT Name,Class FROM students_info WHERE Name=? AND Class=?';
+$result = mysqli_execute_query($link, $query, ['Abdullah','5th']);
+foreach ($result as $row) {
+    printf($row["Name"]. $row['Class']);
+    echo "<br>";
+}
 ?>
diff --git a/sand_box.php b/sand_box.php
@@ -904,6 +904,25 @@ function Exam_footer($class,$fail,$pass,$total)
     </div>
     ";
 }
+
+
+/**
+ * Validate Form Input;
+ *
+ * @param string $data Name of the class.
+ *
+ * @return string return clean data.
+ */
+function Validate_input($data)
+{
+
+    global $link;
+    $data = trim($data);
+    $data = stripslashes($data);
+    $data = htmlspecialchars($data);
+    mysqli_real_escape_string($link, $data);
+    return $data;
+}
 ?>
 
 
diff --git a/scripts/check_roll_no.php b/scripts/check_roll_no.php
@@ -14,7 +14,7 @@
  **/
 session_start();
 require_once '../db_connection.php';
-require_once '../functions.php';
+require_once '../sand_box.php';
 $link=$LINK;
 
 

diff --git a/scripts/update_subject_marks.php b/scripts/update_subject_marks.php
@@ -41,7 +41,7 @@
 }
 $q="UPDATE marks SET $subject = $marks WHERE Roll_No=$roll_no";
 // Do this if lock=off, that means lock=0
-// Singel Marks changes=allow means 1.
+// Single Marks changes=allow means 1.
 if ($SINGLE_MARKS_CHANGES==1 && $update_Status==0) {
     $exe=mysqli_query($link, $q) or die('error'.mysqli_error($link));
     if ($exe) {