Skip to content
This repository has been archived by the owner on Oct 8, 2023. It is now read-only.

Commit

Permalink
Fix: Sql injection and XSS
Browse files Browse the repository at this point in the history
  • Loading branch information
@drajathasan
drajathasan committed Oct 31, 2020
1 parent dbc41c2 commit 6860505
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions add_essay.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,8 +143,8 @@

// Update Data
if (isset($_POST['saveData']) AND $can_read AND $can_write) {
$memberID = trim($_POST['memberID']);
$memberEssay = trim($_POST['memberEssay']);
$memberID = trim($dbs->escape_string($_POST['memberID']));
$memberEssay = trim($dbs->escape_string($_POST['memberEssay']));
if (empty($memberEssay)) {
utility::jsAlert(__('Judul skripsi tidak boleh kosong!'));
exit();
Expand All @@ -157,7 +157,7 @@
}
exit();
} else {
print('<div class="infoBox"><font style="color: #f00">Tidak ditemukan Id Anggota dengan nomor&nbsp; : '.$_GET['keywords'].'</font></div>');
print('<div class="infoBox"><font style="color: #f00">Tidak ditemukan Id Anggota dengan nomor&nbsp; : '.str_replace(['\'', '"'], '', strip_tags($_GET['keywords'])).'</font></div>');
}
} else {
echo '<div class="infoBox"><font style="color: #f00">Masukan ID Anggota pada kotak pencarian, untuk menambahkan data</font></div>';
Expand Down

0 comments on commit 6860505

Please sign in to comment.