Removida a vulnerabilidade do site à SQL Injection.
41419839 authored and 41419839 committed May 6, 2015
1 parent 3727400 commit dd0e1e6
Showing 4 changed files with 17 additions and 11 deletions.
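--- a/addStrike.php
+++ b/addStrike.php
@@ -8,14 +8,16 @@
 else {
 header("location:./");
 }
-function tryAddStrike($name, $damage, $type){
-$result = mysql_query("SELECT * FROM `pokemon`.`golpes` WHERE name = '$name' LIMIT 1");
+function tryAddStrike($name, $damage, $type){
+$ename = mysql_real_escape_string($name);
+$edamage = mysql_real_escape_string($damage);
+$result = mysql_query("SELECT * FROM `pokemon`.`golpes` WHERE name = '$ename' LIMIT 1");
 
 if(mysql_num_rows($result) >= 1){ //Se ja existir o golpe
 $_SESSION['error'] = 1;
 header("location:acp.php");
 } else {
-$result = mysql_query("INSERT INTO `pokemon`.`golpes` (`name`, `damage`, `type`) VALUES ('$name', '$damage', '$type')");
+$result = mysql_query("INSERT INTO `pokemon`.`golpes` (`name`, `damage`, `type`) VALUES ('$ename', '$edamage', '$type')");
 $_SESSION['error'] = 2; //Apesar do nome da variável da sessão, é uma instrução apenas
 header("location:acp.php");
 }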
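Review bot: `$type` is still interpolated raw into the INSERT on the last `mysql_query` line of the hunk, so only two of the three user-supplied values are escaped; add `$etype = mysql_real_escape_string($type);` beside the other two and use `'$etype'` in the VALUES list. The same gap remains in editStrike.php (`$id` in both the SELECT and the UPDATE, plus `$type`) and in validateRegister.php (`$pass`); for `id`, `$id = (int) $id;` is the simplest fix if the column is numeric. Per-call escaping is also the fragile option here: ext/mysql is deprecated since PHP 5.5, and mysqli/PDO prepared statements close this whole class of bug while avoiding the case where `mysql_real_escape_string` returns false because no connection is open yet. The new INSERT line also never inspects `$result`, so a failed insert still reports success through `$_SESSION['error'] = 2`; a guard such as `if ($result === false) { /* report failure */ }` is missing here and in the other two files. tryAddStrike's closing brace lies outside the hunk.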
5 changes: 3 additions & 2 deletions editStrike.php
Expand Up @@ -9,14 +9,15 @@
header("location:./");
}
function tryEditStrike($id, $name, $damage, $type){

$ename = mysql_real_escape_string($name);
$edamage = mysql_real_escape_string($damage);
$result = mysql_query("SELECT * FROM `pokemon`.`golpes` WHERE id = '$id' LIMIT 1");

if(mysql_num_rows($result) == 0){ //Se não existir golpe com este ID
$_SESSION['error2'] = 3;
header("location:acp.php");
} else {
$result = mysql_query("UPDATE `pokemon`.`golpes` SET `name` = '$name', `damage` = '$damage', `type` = '$type' WHERE `id` = '$id'");
$result = mysql_query("UPDATE `pokemon`.`golpes` SET `name` = '$ename', `damage` = '$edamage', `type` = '$type' WHERE `id` = '$id'");
$_SESSION['error2'] = 4; //Apesar do nome da variável da sessão, é uma instrução apenas
header("location:acp.php");
}
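--- a/golpes.php
+++ b/golpes.php
@@ -1,7 +1,8 @@
 <?php
-require 'mysqlcon.php';
+require 'mysqlcon.php';
 $a = $_GET["golpe"];
-$sth = mysql_query("SELECT `name` FROM `pokemon`.`golpes` where name like '" . $a."%'");
+$ea = mysql_real_escape_string($a);
+$sth = mysql_query("SELECT `name` FROM `pokemon`.`golpes` where name like '" . $ea."%'");
 $rows = array();
 while($r = mysql_fetch_assoc($sth)) {
 $rows[] = $r;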
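Review bot: `mysql_real_escape_string` closes the quoting hole on the `$ea` line but does not escape the LIKE metacharacters `%` and `_`, so a caller can still widen the prefix search to every row; if that is not intended, use `$ea = addcslashes(mysql_real_escape_string($a), '%_');`. `$_GET["golpe"]` is also read unconditionally on the line above, which raises an undefined-index notice when the parameter is absent; `$a = isset($_GET['golpe']) ? $_GET['golpe'] : '';` keeps the behaviour for present values. The `while` on `$sth` will also warn and loop zero times if the query failed, since `$sth` is never checked against false. The script continues below the hunk.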
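--- a/validateRegister.php
+++ b/validateRegister.php
@@ -16,20 +16,22 @@
 else {
 header("location:./");
 }
-function tryRegister($user, $email, $pass){
-$result = mysql_query("SELECT * FROM `pokemon`.`usuarios` WHERE user = '$user' LIMIT 1");
+function tryRegister($user, $email, $pass){
+$euser = mysql_real_escape_string($user);
+$eemail = mysql_real_escape_string($email);
+$result = mysql_query("SELECT * FROM `pokemon`.`usuarios` WHERE user = '$euser' LIMIT 1");
 
 if(mysql_num_rows($result) >= 1){ //Se ja existir o usuário
 $_SESSION['error'] = 2;
 header("location:register.php");
 } else {
-$result = mysql_query("SELECT * FROM `pokemon`.`usuarios` WHERE email = '$email' LIMIT 1");
+$result = mysql_query("SELECT * FROM `pokemon`.`usuarios` WHERE email = '$eemail' LIMIT 1");
 if(mysql_num_rows($result) >= 1){ //Se ja existir o email
 $_SESSION['error'] = 3;
 header("location:register.php");
 } else { //Se a conta estiver 100% apta ao registro
 //Inserimos a conta no banco de dados
-$result = mysql_query("INSERT INTO `pokemon`.`usuarios` (`user`, `email`, `password`) VALUES ('$user', '$email', '$pass')");
+$result = mysql_query("INSERT INTO `pokemon`.`usuarios` (`user`, `email`, `password`) VALUES ('$euser', '$eemail', '$pass')");
 $_SESSION['error'] = 2; //Apesar do nome da variável da sessão, é uma instrução apenas
 header("location:login.php");
 }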
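Review bot: The INSERT on the last `mysql_query` line writes `$pass` into the `password` column verbatim, and nothing in this hunk shows it being hashed first; if `$pass` is the password as submitted by the user, it should be stored as `password_hash($pass, PASSWORD_DEFAULT)` (PHP 5.5+) and checked with `password_verify()` on login rather than escaped and stored as-is. Whether the caller already hashes it cannot be seen from here, so confirm before changing it. tryRegister continues past the hunk.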
