Changeset 22


Timestamp:
Dec 26, 2018, 12:09:50 PM (6 years ago)
Author:
chronos
Message:
  • Fixed: SQL injection protection.
File:
1 edited

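--- a/trunk/index.php
+++ b/trunk/index.php
@@ -123,5 +123,4 @@
   {
     $Output = '';
-    //print_r($_GET);
     if (array_key_exists('lvm', $_GET) and ($_GET['lvm'] == 'seznam'))
     {
@@ -243,14 +242,14 @@
 
     $Where = '';
-    if (array_key_exists('name', $_SESSION) and ($_SESSION['name'] != '')) $Where .= ' AND (Name LIKE "%'.$_SESSION['name'].'%")';
-    if (array_key_exists('location', $_SESSION) and ($_SESSION['location'] != '')) $Where .= ' AND (Location LIKE "%'.$_SESSION['location'].'%")';
-    if (array_key_exists('message', $_SESSION) and ($_SESSION['message'] != '')) $Where .= ' AND (Message LIKE "%'.$_SESSION['message'].'%")';
-    if (array_key_exists('vekod', $_SESSION) and ($_SESSION['vekod'] != '')) $Where .= ' AND (Age >= '.$_SESSION['vekod'].')';
-    if (array_key_exists('vekdo', $_SESSION) and ($_SESSION['vekdo'] != '')) $Where .= ' AND (Age <= '.$_SESSION['vekdo'].')';
-    if (array_key_exists('vyskaod', $_SESSION) and ($_SESSION['vyskaod'] != '')) $Where .= ' AND (Height >= '.$_SESSION['vyskaod'].')';
-    if (array_key_exists('vyskado', $_SESSION) and ($_SESSION['vyskado'] != '')) $Where .= ' AND (Height <= '.$_SESSION['vyskado'].')';
-    if (array_key_exists('vahaod', $_SESSION) and ($_SESSION['vahaod'] != '')) $Where .= ' AND (Weight >= '.$_SESSION['vahaod'].')';
-    if (array_key_exists('vahado', $_SESSION) and ($_SESSION['vahado'] != '')) $Where .= ' AND (Weight <= '.$_SESSION['vahado'].')';
-    if (array_key_exists('pohlavi', $_SESSION) and ($_SESSION['pohlavi'] != '')) $Where .= ' AND (Gender = '.$_SESSION['pohlavi'].')';
+    if (array_key_exists('name', $_SESSION) and ($_SESSION['name'] != '')) $Where .= ' AND (Name LIKE "%'.$this->Database->real_escape_string($_SESSION['name']).'%")';
+    if (array_key_exists('location', $_SESSION) and ($_SESSION['location'] != '')) $Where .= ' AND (Location LIKE "%'.$this->Database->real_escape_string($_SESSION['location']).'%")';
+    if (array_key_exists('message', $_SESSION) and ($_SESSION['message'] != '')) $Where .= ' AND (Message LIKE "%'.$this->Database->real_escape_string($_SESSION['message']).'%")';
+    if (array_key_exists('vekod', $_SESSION) and ($_SESSION['vekod'] != '')) $Where .= ' AND (Age >= '.$this->Database->real_escape_string($_SESSION['vekod']).')';
+    if (array_key_exists('vekdo', $_SESSION) and ($_SESSION['vekdo'] != '')) $Where .= ' AND (Age <= '.$this->Database->real_escape_string($_SESSION['vekdo']).')';
+    if (array_key_exists('vyskaod', $_SESSION) and ($_SESSION['vyskaod'] != '')) $Where .= ' AND (Height >= '.$this->Database->real_escape_string($_SESSION['vyskaod']).')';
+    if (array_key_exists('vyskado', $_SESSION) and ($_SESSION['vyskado'] != '')) $Where .= ' AND (Height <= '.$this->Database->real_escape_string($_SESSION['vyskado']).')';
+    if (array_key_exists('vahaod', $_SESSION) and ($_SESSION['vahaod'] != '')) $Where .= ' AND (Weight >= '.$this->Database->real_escape_string($_SESSION['vahaod']).')';
+    if (array_key_exists('vahado', $_SESSION) and ($_SESSION['vahado'] != '')) $Where .= ' AND (Weight <= '.$this->Database->real_escape_string($_SESSION['vahado']).')';
+    if (array_key_exists('pohlavi', $_SESSION) and ($_SESSION['pohlavi'] != '')) $Where .= ' AND (Gender = '.$this->Database->real_escape_string($_SESSION['pohlavi']).')';
     if (substr($Where, 0, 4) == ' AND') $Where = substr($Where, 4);
     if ($Where == '') $Where = '1';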
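Review bot: The escape added on the numeric filters (the `Age`, `Height`, `Weight` and `Gender` lines, new 247–253) does not close the injection, because `real_escape_string()` only neutralises quote, backslash and NUL characters, and these values are concatenated into an unquoted numeric context where a payload such as `1 OR 1=1` contains nothing to escape. Escaping is the right tool only for the three quoted `LIKE` patterns; for the numeric bounds cast to int instead, e.g. `$Where .= ' AND (Age >= '.(int)$_SESSION['vekod'].')';`, and apply the same to vekdo, vyskaod, vyskado, vahaod, vahado and pohlavi (Gender is presumably an integer column since its comparison is unquoted — confirm against the schema). Where the session values are written is outside this hunk; given the commit message they are presumably copied from the search form without validation, so the cast — or better, a prepared statement with bound parameters — should be the trust boundary. Separately, `%` and `_` inside the `LIKE` patterns stay unescaped, which lets a user widen a match but is not an injection.
```php
    // … unchanged: Name / Location / Message LIKE filters (escaping is correct for quoted patterns) …
    if (array_key_exists('vekod', $_SESSION) and ($_SESSION['vekod'] != '')) $Where .= ' AND (Age >= '.(int)$_SESSION['vekod'].')';
    if (array_key_exists('vekdo', $_SESSION) and ($_SESSION['vekdo'] != '')) $Where .= ' AND (Age <= '.(int)$_SESSION['vekdo'].')';
    if (array_key_exists('vyskaod', $_SESSION) and ($_SESSION['vyskaod'] != '')) $Where .= ' AND (Height >= '.(int)$_SESSION['vyskaod'].')';
    if (array_key_exists('vyskado', $_SESSION) and ($_SESSION['vyskado'] != '')) $Where .= ' AND (Height <= '.(int)$_SESSION['vyskado'].')';
    if (array_key_exists('vahaod', $_SESSION) and ($_SESSION['vahaod'] != '')) $Where .= ' AND (Weight >= '.(int)$_SESSION['vahaod'].')';
    if (array_key_exists('vahado', $_SESSION) and ($_SESSION['vahado'] != '')) $Where .= ' AND (Weight <= '.(int)$_SESSION['vahado'].')';
    if (array_key_exists('pohlavi', $_SESSION) and ($_SESSION['pohlavi'] != '')) $Where .= ' AND (Gender = '.(int)$_SESSION['pohlavi'].')';
    // … unchanged: leading " AND" trim and empty-$Where fallback …
```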