AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

SQL Injection / XSS fixes

Browse Source
This commit is contained in:
Marcus Hill
2022-03-27 20:02:16 +01:00
parent 4650947241
commit 816ba87485
22 changed files with 95 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/v1/contacts/read.php
View File

@@ -17,7 +17,7 @@ if(isset($_GET['contact_id'])){
// Specific contact via email (single)
elseif(isset($_GET['contact_email'])){
$email = trim($_GET['contact_email']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'");
}