SQL Injection / XSS fixes

2026-02-28 02:44:53 +00:00 · 2022-03-27 20:02:16 +01:00
parent 4650947241
commit 816ba87485
22 changed files with 95 additions and 79 deletions
--- a/invoices.php
+++ b/invoices.php
@@ -69,7 +69,7 @@
  }

  if(!empty($_GET['sb'])){
-    $sb = $_GET['sb'];
+    $sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
  }else{
    $sb = "invoice_number";
  }