Application vulnerable to SQL injection attacks #41

Open
Markkaz opened this issue Jul 13, 2021 · 0 comments
Markkaz commented Jul 13, 2021

Not all parameters to queries are escaped, and the escaping mechanism used is addslashes.
The documentation of addslashes states:

> The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

The function mysql_real_escape_string should be used instead.

@Markkaz Markkaz added this to the Fully tested milestone Jul 13, 2021
@Markkaz Markkaz self-assigned this Jul 13, 2021
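To make the problem in the issue concrete, here is an added example (not code from this project) showing the pattern the issue describes beside the two remediations the quoted PHP documentation names: a prepared statement with a bound parameter, and, for legacy code that must still build a query string, the connection-aware mysqli escaping function. The `users` table, its `name` column, and the `mysqli` connection passed in are assumptions for illustration.

```php
<?php
// Added example for issue #41; not the project's own code.
// Assumptions: a mysqli connection $db and a table users(id, name).

// BEFORE: the pattern the issue reports. addslashes() only backslash-escapes
// ' " \ and NUL; it is a generic PHP string helper that knows nothing about the
// database or the connection character set, so it is not a SQL escaping function
// and should not be relied on to keep user input out of SQL syntax.
function findUserByNameUnsafe(mysqli $db, string $name): array
{
    $escaped = addslashes($name);
    $sql = "SELECT id, name FROM users WHERE name = '$escaped'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// AFTER (preferred): a prepared statement. The query text and the value travel
// to the server separately, so the value is never parsed as part of the SQL,
// whatever characters it contains. (get_result() requires the mysqlnd driver.)
function findUserByName(mysqli $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = ?");
    $stmt->bind_param('s', $name);   // 's' = bind as a string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// AFTER (legacy fallback): if a query must still be assembled from a string,
// use the escaping function tied to the connection and pin the connection
// character set first, because correct escaping depends on knowing it.
function findUserByNameEscaped(mysqli $db, string $name): array
{
    $db->set_charset('utf8mb4');
    $escaped = $db->real_escape_string($name);
    $sql = "SELECT id, name FROM users WHERE name = '$escaped'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}
```

Since the issue also notes that some parameters are not escaped at all, a quick triage while fixing is to list every call site that concatenates a variable into a query string (for example, searching the code base for `addslashes(` and for `->query(` or `mysql_query(` with interpolated variables) and convert each one to the prepared-statement form, rather than patching only the places where `addslashes` currently appears.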