
I am getting SQL & URL injection vulnerabilities when I scan my website. This is the code I'm using:

// NOTE: every $_GET value arrives as a string, so is_int() always returns FALSE here.
// Because ! binds tighter than ==, the condition reads (!is_int(...)) == FALSE,
// which is never true: the redirect branch is unreachable and the query below
// runs for whatever "id" was supplied.
if(isset($_GET["id"]))
{
    if(!is_int($_GET["id"]) ==FALSE)
    {
        //redirect this person back to homepage
    } else {
        // request input concatenated straight into the SQL string
        $sql = "SELECT * FROM workshop WHERE id=".trim($_GET['id']);
        $result = mysql_query($sql);

        $row = mysql_fetch_assoc($result);
        $id = $row['id'];
        $prod_name = $row['prod_name'];
        $description = $row['description'];
        $image1 = $row['image1'];
        $image2 = $row['image2'];
        $image3 = $row['image3'];
        $pdfFileName = $row['pdfFileName'];
        $publish = $row['publish'];
        $workshop_date = $row['workshop_date'];
        $workshop_date_end = $row['workshop_date_end'];
        $course_desc = $row['course_desc'];
        $attend = $row['attend'];
        $trainer_detail = $row['trainer_detail'];
        $location = $row['location'];

        // split the start date into its display parts
        $dateValue = $row['workshop_date'];
        $year = date('Y',strtotime($dateValue));
        $month = date('F',strtotime($dateValue));
        $day = date('d',strtotime($dateValue));

        // same for the end date
        $dateValue1 = $row['workshop_date_end'];
        $year1 = date('Y',strtotime($dateValue1));
        $month1 = date('F',strtotime($dateValue1));
        $day1 = date('d',strtotime($dateValue1));
    }
}

How do I fix it?

1 Answer

The SQL injection problem is in this row:

$sql = "SELECT * FROM workshop WHERE id=".trim($_GET['id']);

You're applying the value from get directly into your query without escaping it.

Do this instead:

$id = mysql_real_escape_string(trim($_GET['id']));
// mysql_real_escape_string() only neutralises quote and control characters, so
// the escaped value must itself be placed inside quotes for it to protect the query
$sql = "SELECT * FROM workshop WHERE id='$id'";

Remember that you're using deprecated mysql_* functions, mysqli_* should be used instead. Consider updating your code.

Phiter
  • Thank you very much ...... can you please explain to me more about "Remember that you're using deprecated mysql_* functions, mysqli_* should be used instead. Consider updating your code." What should I change and where? – Hassan Al Ajmi Jan 17 '16 at 17:39
  • It's simple. You're using the mysql_ functions, which were deprecated and taken out of PHP 7. They are less safe and have fewer resources. You should use mysqli_ functions; they are improved and are better. Look at this question for more info http://stackoverflow.com/questions/1171344/advantages-of-mysqli-over-mysql – Phiter Jan 17 '16 at 17:57
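For reference, here is how the same lookup looks once it is moved to mysqli with a prepared statement and a working integer check, as an added example rather than code from either poster. The `workshop` table and its column names come from the question; the connection credentials, the redirect target and the `mysqlnd`-backed `get_result()` call are assumptions.

```php
<?php
// Added example: mysqli prepared statement for the workshop lookup.
// Assumes a mysqli-enabled PHP build with mysqlnd (for get_result()).

// $_GET values are always strings, so is_int() can never pass. Validate the
// string as a positive integer instead; anything else is treated as missing.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    header('Location: /');   // redirect back to the homepage (assumed path)
    exit;
}

// Assumed credentials; replace with the site's own.
$conn = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');
if ($conn->connect_error) {
    http_response_code(500);
    exit('database unavailable');
}

// The id travels as a bound parameter, so it is never spliced into the SQL text.
$stmt = $conn->prepare(
    'SELECT id, prod_name, description, workshop_date, workshop_date_end
       FROM workshop WHERE id = ?'
);
$stmt->bind_param('i', $id);      // 'i' = integer parameter
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();

if ($row === null) {
    http_response_code(404);
    exit('workshop not found');
}

// Escape database values before they are echoed into HTML so stored text
// cannot inject markup into the page.
$prod_name   = htmlspecialchars($row['prod_name'], ENT_QUOTES, 'UTF-8');
$description = htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8');

// Date parts exactly as the original code computed them.
$year  = date('Y', strtotime($row['workshop_date']));
$month = date('F', strtotime($row['workshop_date']));
$day   = date('d', strtotime($row['workshop_date']));
```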