
Question

Please find a secure way so SQL injection won't happen (Zap' 1=1), and I already have an array of the names and so forth... please correct the code.

<?php
   // session_start() must run before any output is sent, so it is started
   // here rather than after the <html> markup below.
   session_start();
?>
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <link rel="stylesheet" type="text/css" href="Rehema.css">
   <title>CSTutot Authenticate</title>
</head>
<body>
<?php
   // Needed for the SQLFunctions getStudent call
   require_once('Includes/SQLFunctions.php');

   // Needed for the Utils check_input call
   require_once('Includes/Utils.php');

   // Retrieve POST data
   $wsuser  = check_input($_POST["wsuser"]);
   $wsemail = check_input($_POST["wsemail"]);

   // Authenticate user
   $student = getStudent($wsuser, $wsemail);
   if (strlen($student->getTychoname()) == 0)
   {
      // Show the login form again.
      include('index.html');
?>
   <p></p>
   <p></p>
   <div><table id="myerror">
   <tr><td>
   <h4>Login Error</h4>
   </td></tr>
   <tr><td>
   Sorry, the username and email do not match any current account.
   </td></tr>
   <tr><td>
   Try again, or create an account using the link above.
   </td></tr>
   </table>
   </div>
<?php
   }
   else
   {
      // Set the session information
      $_SESSION['wsuser'] = $wsuser;
      include('SearchSessions.php');
   }
?>
</body>
</html>

Explanation / Answer

In your code, getStudent(user, passwd) is the function that checks the username and password combination against the database.

We will use a prepared statement to avoid SQL injection.

Here is the code for the function getStudent($uname, $passwd).

I have assumed the following:

Student data is stored in the STUDENT_DATA table, which has uname and passwd columns.

<?php
function getStudent($uname, $passwd)
{
    // $dbConnection is an already-open mysqli connection created elsewhere
    global $dbConnection;

    // The SQL text contains only placeholders; the user's values are sent
    // separately, so a quote or "1=1" in the input stays plain data.
    $stmt = $dbConnection->prepare(
        'SELECT * FROM STUDENT_DATA WHERE uname = ? AND passwd = ?'
    );

    // 'ss' = two string parameters, bound in placeholder order
    $stmt->bind_param('ss', $uname, $passwd);
    $stmt->execute();

    $result = $stmt->get_result();

    // One matching row as an associative array, or null when nothing matches
    $row = $result->fetch_assoc();
    $stmt->close();

    return $row;
}
?>
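As an added example (not part of the answer above), the same contrast in Python against an in-memory SQLite table, since the difference lies in how the query is built rather than in the language: the concatenated query lets a quote in the input rewrite the WHERE clause, while the parameterized query (the counterpart of mysqli's prepare()/bind_param()) keeps it as data. Table contents and the STUDENT_DATA column names are constructed for the demo.

```python
import sqlite3

# Constructed sample rows standing in for the STUDENT_DATA table
SAMPLE_ROWS = [
    ("alice", "alice@example.edu", "Alice A."),
    ("bob", "bob@example.edu", "Bob B."),
]


def build_db():
    """Create an in-memory table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE STUDENT_DATA (uname TEXT, email TEXT, tychoname TEXT)"
    )
    conn.executemany("INSERT INTO STUDENT_DATA VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_student_unsafe(conn, uname, email):
    """Vulnerable form: input is pasted into the SQL text, so a quote in the
    input changes the structure of the statement."""
    sql = (
        "SELECT uname FROM STUDENT_DATA "
        f"WHERE uname = '{uname}' AND email = '{email}'"
    )
    return [row[0] for row in conn.execute(sql).fetchall()]


def get_student_safe(conn, uname, email):
    """Hardened form: the SQL text is fixed and the values travel as
    parameters, exactly what the prepared statement does in the PHP answer."""
    sql = "SELECT uname FROM STUDENT_DATA WHERE uname = ? AND email = ?"
    return [row[0] for row in conn.execute(sql, (uname, email)).fetchall()]


# The "Zap' 1=1" input from the question, in the form that alters the WHERE clause
INJECTED_USER = "Zap' OR 1=1 --"

if __name__ == "__main__":
    db = build_db()
    print("unsafe:", get_student_unsafe(db, INJECTED_USER, ""))  # every row
    print("safe:  ", get_student_safe(db, INJECTED_USER, ""))    # no rows
    print("legit: ", get_student_safe(db, "alice", "alice@example.edu"))
```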