PHP vulnerabilities

2

Is it good to query the database within the PHP code? For example:

    <?php
    // Restaurant ids are kept in the session as a comma-separated string with a trailing comma, e.g. "12,15,"
    $restIds = $_SESSION['restaurants'];
    $restIds = substr($restIds, 0, strlen($restIds) - 1);   // drop the trailing comma

    // $restIds is interpolated straight into the SQL text
    $query = "SELECT cli.restaurant_id as id, CONCAT(cli.nombre,' ',cli.sucursal) as nombre FROM s3menudt.clientes cli left join options opt on (opt.restId=cli.restaurant_id) WHERE cli.restaurant_id in ($restIds) and opt.controlCatalogos=1";

    $result = $mysqli->query($query);

    if (mysqli_num_rows($result) != 0) {
        $fst = 0;
        ?><label>Sucursal:</label>
        <select name="idSucursal" id="idSucursal"><?php
        while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
            // the first row becomes the default selection when none is stored in the session
            if ($fst == 0 and $_SESSION['idSucursal'] == '') {
                $_SESSION['idSucursal'] = $row['id'];
            }
            echo '<option id="' . $row['id'] . '" value="' . $row['id'] . '"';
            if ($row['id'] == $_SESSION['idSucursal']) echo ' selected';
            echo '>' . $row['nombre'] . '</option>';   // database values are echoed without HTML escaping

            $fst++;
        }
        ?></select><br><?php
    } else {
        echo "<script>alert('No hay sucursales configuradas para edición Web.'); window.top.location='../landing/index.php'; </script>";
        die();
    }
    ?>
    </div>
    <?php
        $col = $col + 2;
        $jsvars .= 'var idSucursal = $("#idSucursal").val();
        ';
        $params .= 'idSucursal';
        $fsucursalCat = false;
    }   // closes the branch opened before this fragment

    elseif ($fcatalogos) { ?>
    <!-- ++++++++++++ CATALOG ++++++++++++ -->
    <div class="col-md-2">
    <?php

Does this cause vulnerabilities?

    
asked by Alejandro Estupiñán 28.12.2018 at 19:26

1 answer

1

The code you present has a significant vulnerability to an SQL injection attack.

How to fix it?

You must use prepared statements and "parameterized" queries. These are SQL statements that are sent and analyzed by the database server separately from any parameter. This way it is impossible for an attacker to do an SQL injection.

In your case, using MySQLi, the code would look something like this:

// I believe your connection is $mysqli ????
// bind_param cannot bind a whole list to a single '?', so build one placeholder per id
$restIds = array_values(array_map('intval', array_filter(explode(',', $_SESSION['restaurants']), 'strlen')));
$placeholders = implode(',', array_fill(0, count($restIds), '?'));

$stmt = $mysqli->prepare("SELECT cli.restaurant_id as id, CONCAT(cli.nombre,' ',cli.sucursal) as nombre FROM s3menudt.clientes cli left join options opt on (opt.restId=cli.restaurant_id) WHERE cli.restaurant_id in ($placeholders) and opt.controlCatalogos=1");

$stmt->bind_param(str_repeat('i', count($restIds)), ...$restIds); // 'i' specifies the data type => 'integer', one per id

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Do safe things :)
}

Check out this question in OS: link

    
answered by 28.12.2018 / 19:35
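Added example, not code from the question or the answer above: a fuller version of the answer's approach in MySQLi that binds one placeholder per restaurant id, short-circuits the empty list (interpolating nothing would otherwise produce `IN ()`, a SQL syntax error, and the original code would hit that whenever the session list is empty), rejects anything that is not a positive integer before it reaches the query, and HTML-escapes the branch names when they are written into the `<option>` elements, since the question's loop echoes `$row['nombre']` unescaped. It assumes the same tables and columns as the question, an open connection in `$mysqli` (the credentials below are placeholders) and a constructed session value; `fetchSucursales`, `restaurantIdsFromSession` and `renderSucursalSelect` are names chosen here. One caveat worth keeping in mind: `$restIds` comes from `$_SESSION`, which is server-side state, so whether an attacker can actually inject through it depends on how `$_SESSION['restaurants']` was populated upstream. Binding the values removes that dependency entirely.

```php
<?php
declare(strict_types=1);

// Added example, not the question's or the answer's code. Assumes an open
// mysqli connection to the database holding s3menudt.clientes and options.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // make mysqli throw instead of returning false
session_start();

// Placeholder credentials; replace with your own.
$mysqli = new mysqli('localhost', 'appuser', 'secret', 's3menudt');
$mysqli->set_charset('utf8mb4');

/**
 * Turn the comma-separated session string (with its trailing comma) into a list of ints.
 * Anything that is not a run of digits is rejected instead of being passed to SQL.
 */
function restaurantIdsFromSession(string $raw): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;                                   // tolerates the trailing comma
        }
        if (!ctype_digit($part)) {
            throw new InvalidArgumentException("Invalid restaurant id: $part");
        }
        $ids[] = (int) $part;
    }
    return $ids;
}

/**
 * Fetch the branches for the given restaurant ids with one '?' per id.
 * Returns rows shaped ['id' => int, 'nombre' => string].
 */
function fetchSucursales(mysqli $db, array $ids): array
{
    if ($ids === []) {
        return [];                                      // "IN ()" is a syntax error; return nothing instead
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = "SELECT cli.restaurant_id AS id,
                   CONCAT(cli.nombre, ' ', cli.sucursal) AS nombre
            FROM s3menudt.clientes cli
            LEFT JOIN options opt ON opt.restId = cli.restaurant_id
            WHERE cli.restaurant_id IN ($placeholders)
              AND opt.controlCatalogos = 1";
    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('i', count($ids)), ...$ids);   // ids travel as parameters, never as SQL text
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/** Render the <select>, escaping every value that came from the database. */
function renderSucursalSelect(array $rows, ?int $selected): string
{
    $html = '<label>Sucursal:</label><select name="idSucursal" id="idSucursal">';
    foreach ($rows as $row) {
        $id = (int) $row['id'];
        $html .= sprintf(
            '<option value="%d"%s>%s</option>',
            $id,
            $id === $selected ? ' selected' : '',
            htmlspecialchars($row['nombre'], ENT_QUOTES | ENT_HTML5, 'UTF-8')
        );
    }
    return $html . '</select><br>';
}

// Constructed session value for the example; the real page reads what was stored at login.
$_SESSION['restaurants'] = '12,15,';

$ids  = restaurantIdsFromSession($_SESSION['restaurants']);   // [12, 15]
$rows = fetchSucursales($mysqli, $ids);
if ($rows === []) {
    echo "<script>alert('No hay sucursales configuradas para edición Web.'); window.top.location='../landing/index.php';</script>";
    exit;
}
if (empty($_SESSION['idSucursal'])) {
    $_SESSION['idSucursal'] = $rows[0]['id'];                   // default to the first branch, as the original does
}
echo renderSucursalSelect($rows, (int) $_SESSION['idSucursal']);
```

The placeholder count is derived from the validated id list, so the SQL text never contains anything that came from the session; the only thing the caller can influence is how many `?` the statement has. Enabling `MYSQLI_REPORT_STRICT` matters here because the original code calls `mysqli_num_rows($result)` without checking whether `query()` returned `false`, which is what it does when the interpolated list breaks the statement.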