fix two times sql injection possible

Jonas Leder 2022-03-16 10:18:46 +01:00
parent b4371f8db4
commit 9c236bba83
3 changed files with 4 additions and 2 deletions


@ -39,6 +39,7 @@ function blogPost($id, $conn)
function blogPosts($count, $contentLength, $conn) function blogPosts($count, $contentLength, $conn)
{ {
$response = []; $response = [];
$count = $conn->real_escape_string($count);
$result = $conn->query("SELECT * FROM posts order by id desc limit $count"); $result = $conn->query("SELECT * FROM posts order by id desc limit $count");
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
@ -62,4 +63,4 @@ function blogPosts($count, $contentLength, $conn)
} }
return $response; return $response;
} }
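Review bot: `real_escape_string()` does not protect the `limit $count` clause in blogPosts, because `$count` is interpolated outside any quotes. The function only escapes characters that matter inside a quoted string literal, so a non-numeric value can still change the statement. The added line should coerce the value to an integer instead, for example `$count = max(0, (int) $count);`, or the value should be bound through a prepared statement. The function body between the two hunks is not shown, so other uses of `$count` and `$contentLength` could not be checked.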


@ -18,6 +18,7 @@ $commentField = new ObjectType([
function comments($article, $conn) function comments($article, $conn)
{ {
$response = []; $response = [];
$article = $conn->real_escape_string($article);
$result = $conn->query("SELECT * FROM comments WHERE article='$article'"); $result = $conn->query("SELECT * FROM comments WHERE article='$article'");
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$commentElement = [ $commentElement = [
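Review bot: The escaping added in comments() is only sound while `$article` stays inside single quotes and the connection character set has been set with `set_charset()`; neither is visible or enforced in this hunk. A prepared statement removes both dependencies: `$stmt = $conn->prepare("SELECT * FROM comments WHERE article=?");`, then `$stmt->bind_param("s", $article);` and `$stmt->execute();`, reading rows from `$stmt->get_result()`. The return value of `query()` is also used unchecked, so unless mysqli is configured to throw, a failed query would reach `fetch_assoc()` on `false`. The function continues past the end of the hunk.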


@ -20,4 +20,4 @@ function getSkills() {
array_push($response, $skill["Key"]); array_push($response, $skill["Key"]);
} }
return $response; return $response;
} }