From e8a181d795691be230841ea487d9ffbd4b4e3fb7 Mon Sep 17 00:00:00 2001 From: Xuxfff <1683793776@qq.com> Date: Wed, 12 Oct 2022 14:17:50 +0800 Subject: [PATCH] fix:fix the sql injection --- Script.php | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/Script.php b/Script.php index d1110ef..b089078 100644 --- a/Script.php +++ b/Script.php @@ -248,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) { // Password Update $hashed_password = hash('sha512', $password); - $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;"; + $sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';"; if ($con->query($sql) === TRUE) { error_reporting(0); @@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) { $sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`, `Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type) - VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')"; + VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')"; if ($con->query($sql) === TRUE) { @@ -467,7 +467,7 @@ if (!empty($_POST["frm_submitlab"])) { $date = date("Y-m-d H:i:s"); // GET UPLOADED FILES - $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id"); + $labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'"); while ($row = mysqli_fetch_assoc($labName)) { $lab_name = $row['Title']; $_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group 
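Review bot: Wrapping `$userid` in single quotes on the new `$sql` line does not close the injection the subject line claims to fix: a value that was not passed through `mysqli_real_escape_string` (where `$userid` comes from is outside this hunk, so that is unverified) still terminates the literal with a single `'`, and even an escaped value is only safe while the quoting and the connection charset agree. The same quote-only change is repeated in every other hunk of this patch (`$marks`, `$lab_id`, `$student_id`, `$group_id`, `$id`, `$subid`, `$ta`, `$stdid`, `$uid`, `$lab`); at the sites that visibly call `mysqli_real_escape_string` it turns the escaping into a real defence, at the others it is cosmetic. The durable fix is a prepared statement, e.g. `$stmt = $con->prepare("UPDATE users_table SET HashPassword=? WHERE User_ID=?");` `$stmt->bind_param('si', $hashed_password, $userid);` `$ok = $stmt->execute();` (assuming `User_ID` is integer), and an `(int)` cast at the point each numeric id is read is a cheap extra. The `frm_reset_password` block this hunk belongs to starts before the hunk; while here, the context line `hash('sha512', $password)` is an unsalted fast hash and `password_hash()` is what should be stored.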
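Review bot: The new VALUES list of the `frm_uploadlab` INSERT still binds `'$targetfile3'` to both `Attachment_link_3` and `Attachment_link_4`, so the fourth attachment is never stored; the removed line had the same duplicate and the commit only re-quotes `$marks`. Later hunks of this patch use a `$targetfile4` variable, so the last attachment value is presumably meant to be `'$targetfile4'`, but the upload code that would set it is outside the hunk, so confirm the name. Quoting `$marks` also means a numeric column now receives a string: an empty `$marks` that previously produced a SQL syntax error now arrives as `''`, which MySQL rejects or coerces to 0 depending on sql_mode, so validate it before building the query.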
@@ -571,13 +571,13 @@ if (!empty($_POST["frm_submitlab"])) { $group_id = 0; // FIXME } - $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id"; + $sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'"; if ($con->query($sql1) === TRUE) { } $sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`," . " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)" - . " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4'," + . " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4'," . "'Pending','$title','')"; if ($con->query($sql) === TRUE) { @@ -665,7 +665,7 @@ if (!empty($_GET["updatevisibility"])) { $header = mysqli_real_escape_string($con, $_GET["header"]); $labid = mysqli_real_escape_string($con, $_GET["labid"]); - $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id + $sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id' "; if ($con->query($sql) === TRUE) { @@ -687,7 +687,7 @@ if (!empty($_GET["remarking"])) { $status = mysqli_real_escape_string($con, $_GET["status"]); $details = mysqli_real_escape_string($con, $_GET["details"]); - $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id + $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' "; if ($con->query($sql) === TRUE) { 
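Review bot: `if ($con->query($sql1) === TRUE) { }` in the `frm_submitlab` hunk still discards the result of the DELETE, so when the delete fails the INSERT below runs anyway and a student can end up with two rows for the same lab (whether the table has a unique key that would stop that is not visible here). The delete-then-insert pair is also not atomic, so two concurrent resubmissions can interleave. Run both statements in one transaction and stop at the first failure: `$con->begin_transaction();` before the DELETE, `if ($con->query($sql1) !== TRUE) { $con->rollback(); /* report and return */ }`, and `$con->commit();` after a successful INSERT; once a unique key exists a single `INSERT ... ON DUPLICATE KEY UPDATE` replaces the pair. The `$group_id = 0; // FIXME` default just above means every individual submission shares group id 0, which is what the DELETE keys on. The enclosing `frm_submitlab` block begins before this hunk.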
@@ -709,7 +709,7 @@ if (!empty($_GET["creategroup"])) { $name = mysqli_real_escape_string($con, $_GET["name"]); $sql = "INSERT INTO `course_groups_table`(`Group_Name`, - `Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)"; + `Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')"; if ($con->query($sql) === TRUE) { @@ -719,7 +719,7 @@ if (!empty($_GET["creategroup"])) { } $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) - VALUES ($gid,$student_id,'Created')"; + VALUES ('$gid','$student_id','Created')"; if ($con->query($sql) === TRUE) { $_SESSION["info_ReMarking"] = "Course group Created"; header("Location: Course.php?url=" . $url); @@ -746,7 +746,7 @@ if (!empty($_GET["groupinvite"])) { header("Location: Course.php?url=" . $url); } else { $sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`) - VALUES ($groupid,$student_id,'Invited')"; + VALUES ('$groupid','$student_id','Invited')"; } if ($con->query($sql) === TRUE) { @@ -800,10 +800,10 @@ if (!empty($_GET["acceptinvite"])) { $groupid = mysqli_real_escape_string($con, $_GET["groupid"]); if ($action == 1) { - $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id + $sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id ='$groupid' and student_id='$student_id' "; } else { - $sql = "Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id + $sql = "Delete from `course_group_members_table` where Course_Group_id ='$groupid' and student_id='$student_id' "; } 
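Review bot: In the `groupinvite` hunk the `header("Location: Course.php?url=" . $url);` in the if-branch is not followed by `exit`, so execution continues into `if ($con->query($sql) === TRUE)` with a `$sql` that branch never assigned — either an undefined variable or a stale query left over from an earlier handler, which is then executed for the user who was supposed to be redirected away. The `creategroup` hunk above has the same redirect-without-exit after `$_SESSION["info_ReMarking"] = "Course group Created";`. Add `exit;` directly after every `header('Location: ...')` call, and restructure so the query only runs inside the branch that built it. All four handlers on this line change data on a `$_GET` request; unless a CSRF token is checked before these hunks (not visible), a crafted link suffices to create groups or accept invites for a logged-in user, so these belong in POST handlers with a token check.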
@@ -830,11 +830,11 @@ if (!empty($_GET["extenddeadline"])) { $deadline = $date . " " . $time; if ($type == 1) { - $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id"; + $sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID='$id'"; } else { $sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, " . "`Lab_Report_ID`, `Extended_Deadline_Date`," - . " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')"; + . " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')"; } if ($con->query($sql) === TRUE) { @@ -856,7 +856,7 @@ if (!empty($_GET["ignoreremarking"])) { $subid = mysqli_real_escape_string($con, $_GET["subid"]); - $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid"; + $sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'"; if ($con->query($sql) === TRUE) { @@ -874,7 +874,7 @@ if (!empty($_GET["assignTA"])) { $id = mysqli_real_escape_string($con, $_GET["id"]); $ta = mysqli_real_escape_string($con, $_GET["ta"]); - $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)"; + $sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')"; if ($con->query($sql) === TRUE) { @@ -893,9 +893,9 @@ if (!empty($_GET["AcceptStudent"])) { $rs = mysqli_real_escape_string($con, $_GET["rs"]); if ($rs == "yes") { - $sql = "Update course_students_table set Status='Joined' Where ID=$id"; + $sql = "Update course_students_table set Status='Joined' Where ID='$id'"; } else { - $sql = "Delete FROM course_students_table Where ID=$id"; + $sql = "Delete FROM course_students_table Where ID='$id'"; } if ($con->query($sql) === TRUE) { 
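Review bot: `if ($rs == "yes")` in the `AcceptStudent` hunk makes the destructive `Delete FROM course_students_table Where ID='$id'` the default for every value of `rs` other than exactly that string, so a typo or a tampered parameter removes the student rather than doing nothing; the `acceptinvite` hunk on the previous line has the same shape with `$action == 1` falling through to a DELETE. Map the accepted values explicitly and refuse anything else, e.g. `$sql = match ($rs) { 'yes' => "Update course_students_table set Status='Joined' Where ID='$id'", 'no' => "Delete FROM course_students_table Where ID='$id'", default => null };` followed by an early return when `$sql === null`. None of the hunks on this line show a check that the session user owns the course, lab or submission identified by `$id`, `$subid`, `$stdid` or `$ta`; that check may live before the hunks, but if it does not, any authenticated user can extend deadlines, assign TAs or drop students by id. Casting those ids with `(int)` where they are read from `$_GET` also removes the need to rely on quoting for them.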
@@ -931,7 +931,7 @@ if (!empty($_GET["action"])) { } if ($action == "passchange" && $_SESSION['user_id'] == $uid) { - $sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;"; + $sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';"; if ($con->query($sql) === TRUE) { error_reporting(0); echo "Password has been changed"; @@ -945,7 +945,7 @@ if (!empty($_GET["action"])) { } if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) { - $sql = "UPDATE users_table set Status='$status' where User_ID=$uid;"; + $sql = "UPDATE users_table set Status='$status' where User_ID='$uid';"; if ($con->query($sql) === TRUE) { $_SESSION["info_Admin_Users"] = $type . " user Status updated successfully "; header("Location: Admin.php"); @@ -1018,7 +1018,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id -WHERE lab_report_submissions.Lab_Report_ID=$lab"; +WHERE lab_report_submissions.Lab_Report_ID='$lab'"; $export = mysqli_query($con, $select);
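Review bot: The `passchange` hunk writes `Password='$pass'` into a `Password` column, while the reset handler in the first hunk of this patch writes `HashPassword=` with a `sha512` digest; if `$pass` is the raw request value (its origin is outside the hunk) this stores a plaintext password, and two password columns make it likely that one code path is checked at login and the other is not. Route both handlers through a single `password_hash()` update of the same column and drop the other. The guard `$_SESSION['user_id'] == $uid` compares loosely against a request string; `(int) $_SESSION['user_id'] === (int) $uid` is the safer form, and the same applies to the `statuschange` guard below it. The `export` query on this line (`WHERE lab_report_submissions.Lab_Report_ID='$lab'`) should use `$con->prepare()` with a bound parameter like the other sites rather than interpolation.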