SQL injection vulnerabilities #9
Comments
|
I don't know if PDO is enable on the server, Seb can you confirm? |
|
PDO should be enabled by default since 2005 or something so it probably is unless somebody explicitly compiled PHP without... I added the mysql_connect() functions back to the sql.php file so you can keep using it, but really you should look into this. The mysql_ functions have been deprecated since PHP5.5 and better alternatives have been around quite a while! I'm not much of a hacker but I still managed to do some very simple sql injections on live.glidernet.org yesterday (nothing harmfull). If you release those other files, maybe I can look into them too. Would be nice to have a database schema though, so I can properly test it before comitting. |
|
PDO is supported by the webserver. |
The code is vulnerable to SQL injection, use prepared statements for queries with user input!
The text was updated successfully, but these errors were encountered: