Paul
/
Security-VM
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update product_detail_replace.php

Browse Source 
Make the compare case-insensitive to prevent lowercase 'select' from passing-by
Paul Wagener 12 years ago
parent ab743acf98
commit 38e0c9fb53
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      webshop/product_detail_replace.php

4
webshop/product_detail_replace.php
Unescape View File

@ -62,8 +62,8 @@ $connection = new mysqli('localhost', 'webshop', 'pass', 'webshop')
$id = $_GET['id']; $id = $_GET['id'];
// Damn hackers, let's filter out all SELECT and UNION to be extra safe! // Damn hackers, let's filter out all SELECT and UNION to be extra safe!
$id = str_replace('SELECT', '', $id); $id = str_ireplace('SELECT', '', $id);
$id = str_replace('UNION', '', $id); $id = str_ireplace('UNION', '', $id);
$query = 'SELECT naam, afbeelding, beschrijving, prijs FROM producten WHERE id = ' . $connection->real_escape_string($id); $query = 'SELECT naam, afbeelding, beschrijving, prijs FROM producten WHERE id = ' . $connection->real_escape_string($id);

Write Preview
Loading…
Cancel
Save