fix:fix the sql injection
parent
38551c4174
commit
e8a181d795
42
Script.php
42
Script.php
|
@ -248,7 +248,7 @@ if (!empty($_POST["frm_reset_password"])) {
|
|||
|
||||
// Password Update
|
||||
$hashed_password = hash('sha512', $password);
|
||||
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID=$userid;";
|
||||
$sql = "UPDATE users_table set HashPassword='$hashed_password' where User_ID='$userid';";
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
||||
error_reporting(0);
|
||||
|
@ -430,7 +430,7 @@ if (!empty($_POST["frm_uploadlab"])) {
|
|||
|
||||
$sql = "INSERT INTO `lab_reports_table`(`Course_ID`, `Posted_Date`, `Deadline`, `Instructions`,
|
||||
`Title`, `Attachment_link_1`, `Attachment_link_2`, `Attachment_link_3`, `Attachment_link_4`,Marks,Type)
|
||||
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3',$marks,'$type')";
|
||||
VALUES ('$course_id','$date','$deadline','$instructions','$title','$targetfile','$targetfile2','$targetfile3','$targetfile3','$marks','$type')";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
||||
|
@ -467,7 +467,7 @@ if (!empty($_POST["frm_submitlab"])) {
|
|||
$date = date("Y-m-d H:i:s");
|
||||
|
||||
// GET UPLOADED FILES
|
||||
$labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID=$lab_id");
|
||||
$labName = mysqli_query($con, "SELECT * FROM `lab_reports_table` WHERE Lab_Report_ID='$lab_id'");
|
||||
while ($row = mysqli_fetch_assoc($labName)) {
|
||||
$lab_name = $row['Title'];
|
||||
$_SESSION['Sub_Type'] = $row['Type']; // submission type, either Individual or Group
|
||||
|
@ -571,13 +571,13 @@ if (!empty($_POST["frm_submitlab"])) {
|
|||
$group_id = 0; // FIXME
|
||||
}
|
||||
|
||||
$sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID=$lab_id and Student_id=$student_id and Course_Group_id=$group_id";
|
||||
$sql1 = "DELETE FROM lab_report_submissions where Lab_Report_ID='$lab_id' and Student_id='$student_id' and Course_Group_id='$group_id'";
|
||||
if ($con->query($sql1) === TRUE) {
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO `lab_report_submissions`(`Submission_Date`, `Lab_Report_ID`, `Student_id`,"
|
||||
. " `Course_Group_id`, `Attachment1`, `Notes`, `Attachment2`, `Attachment3`, `Attachment4`, `Status`, `Title`,`Remarking_Reason`)"
|
||||
. " VALUES ('$date',$lab_id,$student_id,$group_id,'$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
|
||||
. " VALUES ('$date','$lab_id','$student_id','$group_id','$targetfile','$instructions','$targetfile2','$targetfile3','$targetfile4',"
|
||||
. "'Pending','$title','')";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -665,7 +665,7 @@ if (!empty($_GET["updatevisibility"])) {
|
|||
$header = mysqli_real_escape_string($con, $_GET["header"]);
|
||||
$labid = mysqli_real_escape_string($con, $_GET["labid"]);
|
||||
|
||||
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID=$id
|
||||
$sql = "UPDATE `lab_report_submissions` SET `Visibility`='$status' WHERE Submission_ID='$id'
|
||||
";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -687,7 +687,7 @@ if (!empty($_GET["remarking"])) {
|
|||
$status = mysqli_real_escape_string($con, $_GET["status"]);
|
||||
$details = mysqli_real_escape_string($con, $_GET["details"]);
|
||||
|
||||
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID=$id
|
||||
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
|
||||
";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -709,7 +709,7 @@ if (!empty($_GET["creategroup"])) {
|
|||
$name = mysqli_real_escape_string($con, $_GET["name"]);
|
||||
|
||||
$sql = "INSERT INTO `course_groups_table`(`Group_Name`,
|
||||
`Group_Leader`, `Course_id`) VALUES ('$name',$student_id,$id)";
|
||||
`Group_Leader`, `Course_id`) VALUES ('$name','$student_id','$id')";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
||||
|
@ -719,7 +719,7 @@ if (!empty($_GET["creategroup"])) {
|
|||
}
|
||||
|
||||
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
|
||||
VALUES ($gid,$student_id,'Created')";
|
||||
VALUES ('$gid','$student_id','Created')";
|
||||
if ($con->query($sql) === TRUE) {
|
||||
$_SESSION["info_ReMarking"] = "Course group Created";
|
||||
header("Location: Course.php?url=" . $url);
|
||||
|
@ -746,7 +746,7 @@ if (!empty($_GET["groupinvite"])) {
|
|||
header("Location: Course.php?url=" . $url);
|
||||
} else {
|
||||
$sql = "INSERT INTO `course_group_members_table`( `Course_Group_id`, `Student_ID`, `Status`)
|
||||
VALUES ($groupid,$student_id,'Invited')";
|
||||
VALUES ('$groupid','$student_id','Invited')";
|
||||
}
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -800,10 +800,10 @@ if (!empty($_GET["acceptinvite"])) {
|
|||
$groupid = mysqli_real_escape_string($con, $_GET["groupid"]);
|
||||
|
||||
if ($action == 1) {
|
||||
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id =$groupid and student_id=$student_id
|
||||
$sql = "Update `course_group_members_table` set Status='Joined' where Course_Group_id ='$groupid' and student_id='$student_id'
|
||||
";
|
||||
} else {
|
||||
$sql = "Delete from `course_group_members_table` where Course_Group_id =$groupid and student_id=$student_id
|
||||
$sql = "Delete from `course_group_members_table` where Course_Group_id ='$groupid' and student_id='$student_id'
|
||||
";
|
||||
}
|
||||
|
||||
|
@ -830,11 +830,11 @@ if (!empty($_GET["extenddeadline"])) {
|
|||
$deadline = $date . " " . $time;
|
||||
|
||||
if ($type == 1) {
|
||||
$sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID=$id";
|
||||
$sql = "UPDATE `lab_reports_table` SET `Deadline`='$deadline' WHERE Lab_Report_ID='$id'";
|
||||
} else {
|
||||
$sql = "INSERT INTO `extended_deadlines_table`(`Student_ID`, "
|
||||
. "`Lab_Report_ID`, `Extended_Deadline_Date`,"
|
||||
. " `ReasonsForExtension`) VALUES ($stdid,$id,'$deadline','$reason')";
|
||||
. " `ReasonsForExtension`) VALUES ('$stdid','$id','$deadline','$reason')";
|
||||
}
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -856,7 +856,7 @@ if (!empty($_GET["ignoreremarking"])) {
|
|||
|
||||
$subid = mysqli_real_escape_string($con, $_GET["subid"]);
|
||||
|
||||
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID=$subid";
|
||||
$sql = "UPDATE lab_report_submissions SET Status='Marked' WHERE Submission_ID='$subid'";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
||||
|
@ -874,7 +874,7 @@ if (!empty($_GET["assignTA"])) {
|
|||
$id = mysqli_real_escape_string($con, $_GET["id"]);
|
||||
$ta = mysqli_real_escape_string($con, $_GET["ta"]);
|
||||
|
||||
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ($id,$ta)";
|
||||
$sql = "INSERT INTO `course_ta`(`Course_ID`, `TA`) VALUES ('$id','$ta')";
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
||||
|
@ -893,9 +893,9 @@ if (!empty($_GET["AcceptStudent"])) {
|
|||
$rs = mysqli_real_escape_string($con, $_GET["rs"]);
|
||||
|
||||
if ($rs == "yes") {
|
||||
$sql = "Update course_students_table set Status='Joined' Where ID=$id";
|
||||
$sql = "Update course_students_table set Status='Joined' Where ID='$id'";
|
||||
} else {
|
||||
$sql = "Delete FROM course_students_table Where ID=$id";
|
||||
$sql = "Delete FROM course_students_table Where ID='$id'";
|
||||
}
|
||||
|
||||
if ($con->query($sql) === TRUE) {
|
||||
|
@ -931,7 +931,7 @@ if (!empty($_GET["action"])) {
|
|||
}
|
||||
|
||||
if ($action == "passchange" && $_SESSION['user_id'] == $uid) {
|
||||
$sql = "UPDATE users_table set Password='$pass' where User_ID=$uid;";
|
||||
$sql = "UPDATE users_table set Password='$pass' where User_ID='$uid';";
|
||||
if ($con->query($sql) === TRUE) {
|
||||
error_reporting(0);
|
||||
echo "Password has been changed";
|
||||
|
@ -945,7 +945,7 @@ if (!empty($_GET["action"])) {
|
|||
}
|
||||
|
||||
if ($action == "statuschange" && $_SESSION['user_id'] == $uid && ($_SESSION['user_type'] == "Lecturer" || $_SESSION['user_type'] == "Admin")) {
|
||||
$sql = "UPDATE users_table set Status='$status' where User_ID=$uid;";
|
||||
$sql = "UPDATE users_table set Status='$status' where User_ID='$uid';";
|
||||
if ($con->query($sql) === TRUE) {
|
||||
$_SESSION["info_Admin_Users"] = $type . " user Status updated successfully ";
|
||||
header("Location: Admin.php");
|
||||
|
@ -1018,7 +1018,7 @@ INNER JOIN lab_reports_table on lab_reports_table.Lab_Report_ID=lab_report_submi
|
|||
|
||||
INNER JOIN users_table on users_table.Student_ID=lab_report_submissions.Student_id
|
||||
|
||||
WHERE lab_report_submissions.Lab_Report_ID=$lab";
|
||||
WHERE lab_report_submissions.Lab_Report_ID='$lab'";
|
||||
|
||||
$export = mysqli_query($con, $select);
|
||||
|
||||
|
|
Loading…
Reference in New Issue