Solution Issue #9 #24
Pasquale007 started this conversation in Show and tell
Replies: 0 comments
Hey man. I tried to contact you regarding the Issue #9 (Issue #23). I've got a solution for that. Maybe you can take a look:
To fix the SQL Injection, just make sure the user isn't able to insert symbols that can destroy your query ( -, ', ... ). So one possibility is to remove every forbidden symbol. I've done this with the following two lines:
$id=str_replace( "-","", $id);
$id=str_replace( "'","", $id);
Write these two lines directly under every file with $id=$_GET["id"]; (/patient/doctors.php, /patient/booking.php, /patient/settings.php) and you should be fine.
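An added example, not part of the original post or the project's code: a way to handle `$id=$_GET["id"]` that does not depend on which characters are stripped, by accepting only an integer and binding it as a query parameter. The `doctors` table, its columns, and the helpers `parse_id` and `find_doctor` are hypothetical, and an in-memory SQLite database stands in for the project's real one, which the post does not show.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive decimal integer, else null.
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (?id[]=1) or a missing parameter
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup: the id is bound as a parameter, never concatenated
// into the SQL text, so its content cannot change the query structure.
function find_doctor(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM doctors WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE doctors (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO doctors (id, name) VALUES (1, 'Dr. A'), (2, 'Dr. B')");

// Constructed request values standing in for $_GET["id"].
foreach (['2', "2'--", '2 OR 1=1', '', ['2']] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        // In the real page this would be an HTTP 400 response.
        echo json_encode($raw), " => rejected\n";
        continue;
    }
    $row = find_doctor($db, $id);
    echo json_encode($raw), ' => ', $row ? $row['name'] : 'not found', "\n";
}
```

Only the first value passes validation; every other input is rejected before any SQL is prepared.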