Fix SQL injection in login using prepared statements part 2

This commit is contained in:
Christos Choutouridis 2026-01-10 22:44:55 +02:00
parent 75f47a76b0
commit f94a1ebbd5


@ -26,7 +26,8 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
// } // }
require_once __DIR__ . "/config.php"; require_once __DIR__ . "/config.php";
// Use a prepared statement to prevent SQL injection. // SQL injection mitigation: use a prepared statement with bound parameters.
// User input is treated strictly as data, not as part of the SQL syntax.
$stmt = $conn->prepare("SELECT id FROM login_users WHERE username = ? AND password = ?"); $stmt = $conn->prepare("SELECT id FROM login_users WHERE username = ? AND password = ?");
if ($stmt === false) { if ($stmt === false) {