fix potential sql injections

2023-05-18 09:33:57 +10:00
parent 14d6d59581
commit 0e5c654b02


@@ -27,16 +27,21 @@ if (($pos = strpos($code, '?')) !== false) {
}
// lookup code in database
$sql = "SELECT url, used FROM shortlinks WHERE code = '$code'";
$result = $conn->query($sql);
$sql = "SELECT url, used FROM shortlinks WHERE code = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $code);
$stmt->execute();
$result = $stmt->get_result();
// if code is found, redirect to URL and update 'used' column
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$url = $row["url"];
$used = $row["used"] + 1;
$updateSql = "UPDATE shortlinks SET used = $used WHERE code = '$code'";
$conn->query($updateSql);
$updateSql = "UPDATE shortlinks SET used = $used WHERE code = ?";
$stmt = $conn->prepare($updateSql);
$stmt->bind_param("s", $code);
$stmt->execute();
header("Location: " . $url);
exit();
} else {