
I have found these 2 problems in my script: SQL injection and cross-site scripting.

SQL Injection:

$cate = mysqli_real_escape_string($connection, @$_REQUEST['cat']);
$categ = mysqli_query($connection, "SELECT * FROM articles WHERE category='$cate'");

Where the category='$cate' is the Problem.

XSS:

echo '<a href="../category/category.php?cat='.$id_c.'&pn=1" class="list-group-item">'.$catego.'</a>';

But I don't understand why $cate is wrong?

Does anyone have an example of the correct solution?

Thanks all

  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Bill Karwin Jan 08 '19 at 22:06

1 Answer


Your problem is that you take a value from a request directly into a SQL query.

The best way to prevent SQL injection is to use prepared statements. Prepared statements solve the SQL injection problem. You must:

  1. Validate the $_REQUEST['cat'] value
  2. Use (for example) PDO to prepare the statement (http://php.net/manual/en//pdo.prepared-statements.php)

Read: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

SPoint