AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Security Mysql Escaped current_code POST var under login

This commit is contained in:
johnny@pittpc.com 2019-08-28 21:56:45 -04:00
parent bbf8756882
commit 2d5ac7c2e6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
login.php
View File

@ -16,7 +16,7 @@ if(isset($_POST['login'])){
$email = mysqli_real_escape_string($mysqli,$_POST['email']);
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$current_code = $_POST['current_code'];
$current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");