
Feat: Avoiding SQL injections using prepared statements of MySQLi (Open for contribution) #30

Open
1 of 3 tasks
aswinikalyan30 opened this issue May 15, 2024 · 6 comments
Labels
gssoc Contribution to GSSoC '24 level3 Critical bugs/large enhancement of hard complexity

Comments

@aswinikalyan30
Collaborator

Describe the feature

In the current implementation, we are directly passing the POST data, together with session variables, into the query string, which can expose the application to SQL injection. Refactor the SQL statements in the admin_class.php file to mitigate this.

Add ScreenShots

Refactor items like these into:
image

Prepared statements like these:
image

Record

  • I agree to follow this project's Code of Conduct
  • I'm a GSSOC'24 contributor
  • I want to work on this issue
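As an added example that is not part of this issue or the project's own code, the kind of refactor the description asks for is shown below on a hypothetical query; the table, column names and session key are assumptions, since the screenshots are not reproduced here.

```php
<?php
// Added example, not the project's code. Assumptions (not from the issue):
// a mysqli connection in $db, a `users` table with `id` and `username`
// columns, and the session key `login_id`.

// Make a failed prepare()/execute() throw instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// BEFORE: POST and session values are pasted into the SQL string, so the
// input itself decides what statement actually runs.
function update_profile_vulnerable(mysqli $db): bool
{
    $name = $_POST['username'];
    $id   = $_SESSION['login_id'];
    return (bool) $db->query("UPDATE users SET username = '$name' WHERE id = $id");
}

// AFTER: the statement's shape is fixed at prepare() time; the values travel
// separately through bind_param(), so they are only ever treated as data.
function update_profile_prepared(mysqli $db): bool
{
    $name = $_POST['username'];
    $id   = (int) $_SESSION['login_id'];
    $stmt = $db->prepare('UPDATE users SET username = ? WHERE id = ?');
    $stmt->bind_param('si', $name, $id);   // 's' = string, 'i' = int, one letter per '?'
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Reads follow the same pattern. get_result() needs the mysqlnd driver;
// without it, use bind_result() to fetch the columns instead.
function find_user_prepared(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}
```

Each `?` must be matched by exactly one type letter in `bind_param()`; a mismatch is raised as an error under the strict report mode set above rather than passing unnoticed.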
@aswinikalyan30
Collaborator Author

More than 1 can work on this issue and collaborate across files to implement this

@aswinikalyan30 aswinikalyan30 added gssoc Contribution to GSSoC '24 level3 Critical bugs/large enhancement of hard complexity labels May 15, 2024
@anushkasaxena07

anushkasaxena07 commented May 15, 2024

@aswinikalyan30 please assign this issue to me. I would love to work on this.

@aswinikalyan30
Collaborator Author

Hey @anushkasaxena07, there are a lot of queries to be modified, and we need to ensure everything is working after the changes.
I'll assign this to you, but will keep it open so that other contributors can work with you.

@anushkasaxena07

anushkasaxena07 commented May 15, 2024

Do I have to make changes just in the admin_class.php file, or in others too? @aswinikalyan30

@aswinikalyan30
Collaborator Author

There are direct SQL query injections in many files; let this issue be only for the admin_class file. I will open another one for the others.

@aswinikalyan30 aswinikalyan30 changed the title Feat: Avoiding SQL injections using prepared statements of MySQLi Feat: Avoiding SQL injections using prepared statements of MySQLi (Open for contribution) May 28, 2024
@SheetalDawar

I would like to work on this project, please assign this to me.
