fix two times sql injection possible
parent
b4371f8db4
commit
9c236bba83
3 changed files with 4 additions and 2 deletions
|
@ -39,6 +39,7 @@ function blogPost($id, $conn)
|
||||||
function blogPosts($count, $contentLength, $conn)
|
function blogPosts($count, $contentLength, $conn)
|
||||||
{
|
{
|
||||||
$response = [];
|
$response = [];
|
||||||
|
$count = $conn->real_escape_string($count);
|
||||||
$result = $conn->query("SELECT * FROM posts order by id desc limit $count");
|
$result = $conn->query("SELECT * FROM posts order by id desc limit $count");
|
||||||
if ($result->num_rows > 0) {
|
if ($result->num_rows > 0) {
|
||||||
while ($row = $result->fetch_assoc()) {
|
while ($row = $result->fetch_assoc()) {
|
||||||
|
@ -62,4 +63,4 @@ function blogPosts($count, $contentLength, $conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
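Review bot: The added `$count = $conn->real_escape_string($count);` does not close the injection in `blogPosts`, because `$count` is interpolated into `limit $count` without quotes, and escaping only neutralises characters that would break out of a quoted string literal. A non-numeric value therefore still becomes part of the SQL text. Coerce the value to an integer instead, `$count = max(0, (int) $count);`, or bind it as an `i` parameter of a prepared statement. The middle of the function body lies between the two hunks and is not visible here, so any other value interpolated into a query there needs the same check.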
|
@ -18,6 +18,7 @@ $commentField = new ObjectType([
|
||||||
function comments($article, $conn)
|
function comments($article, $conn)
|
||||||
{
|
{
|
||||||
$response = [];
|
$response = [];
|
||||||
|
$article = $conn->real_escape_string($article);
|
||||||
$result = $conn->query("SELECT * FROM comments WHERE article='$article'");
|
$result = $conn->query("SELECT * FROM comments WHERE article='$article'");
|
||||||
while ($row = $result->fetch_assoc()) {
|
while ($row = $result->fetch_assoc()) {
|
||||||
$commentElement = [
|
$commentElement = [
|
||||||
|
|
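Review bot: Escaping is effective here only because `$article` sits inside quotes in `WHERE article='$article'`, and it stays correct only if the connection character set was set through `set_charset()`, which this hunk does not show. A prepared statement with a bound parameter removes both conditions, as sketched below; `$conn` is presumably a mysqli handle. Separately, `$result` is passed straight to `while ($row = $result->fetch_assoc())` without a check for a `false` return from the query. The body of `comments` continues past the end of the hunk.

```php
function comments($article, $conn)
{
    $response = [];
    // bound parameter instead of escaping plus string interpolation
    $stmt = $conn->prepare("SELECT * FROM comments WHERE article = ?");
    $stmt->bind_param("s", $article);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver
    // … unchanged: while loop over $result->fetch_assoc() …
```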
|
@ -20,4 +20,4 @@ function getSkills() {
|
||||||
array_push($response, $skill["Key"]);
|
array_push($response, $skill["Key"]);
|
||||||
}
|
}
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|