AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed password issue causing SQL escape characters to add slashes remove mysqli_real_escape_string as its not needs, md5 produces no sql escape characters by default so it it does not need santized

Browse Source
This commit is contained in:
johnny@pittpc.com
2019-09-24 14:52:53 -04:00
parent 37270183c5
commit bc61b59244
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
login.php
View File

@@ -25,7 +25,7 @@ session_start();
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($mysqli,$_POST['email']);
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$password = md5($_POST['password']);
$current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");