Fixed sqli in sqlite3
tonythomas01 committed Oct 5, 2014
1 parent 3894752 commit 7a8430d
Showing 2 changed files with 23 additions and 24 deletions.
16 changes: 8 additions & 8 deletions assets/php/delegateRegistration.php
@@ -51,21 +51,21 @@ function __construct()
$myDateTime = new DateTime( Date( '' ), new DateTimeZone( 'GMT' ) );
$myDateTime->setTimezone( new DateTimeZone( 'Asia/Kolkata' ) );
$date = $myDateTime->format( 'Y-m-d H:i:s' );
$name = $_POST['del-name'];
$name = SQLite3::escapeString($_POST['del-name']);
if ( empty( $_POST['del-email'] ) )
{
$emailerror = "Required Field";
}
else
{
$email = $_POST['del-email'];
$email = SQLite3::escapeString($_POST['del-email']);
if ( !preg_match( "/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email ) )
{
$emailerror = "Invalid Format";
}
}
$org = $_POST['del-org'];
$city = $_POST['del-city'];
$org = SQLite3::escapeString($_POST['del-org']);
$city = SQLite3::escapeString($_POST['del-city']);
if ( !preg_match( '/$^|^[a-zA-Z]+[0-9]*[\. ,]*[a-zA-Z0-9]*$/', $city ) )
{
$cityerror = "City name must start with a letter and can contain only alphanumerics, spaces, periods and commas";
@@ -76,23 +76,23 @@ function __construct()
$arrivalerror = "No arriving date given";
} else {

$arrival = $_POST['del-arrival'];
$arrival = SQLite3::escapeString($_POST['del-arrival']);
}
if ( empty( $_POST['del-depart'] ) ) {
$departureerror = "No departure date given";
} else {
$departure = $_POST['del-depart'];
$departure = SQLite3::escapeString($_POST['del-depart']);
}
$lap = 1;
if ( empty( $_POST['del-accom'] ) ) {
$accom = "0";
} else {
$accom = $_POST['del-accom'];
$accom = SQLite3::escapeString($_POST['del-accom']);
}
if ( empty( $_POST['del-tshirt'] ) ) {
$tshirt = "0";
} else {
$tshirt = $_POST['del-tshirt'];
$tshirt = SQLite3::escapeString($_POST['del-tshirt']);
}

if ( $nameerror == "" && $emailerror == "" && $arrivalerror == "" && $departureerror == "" && $orgerror == "" && $cityerror == "" )
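Review bot: `SQLite3::escapeString()` only doubles single quotes, so the new assignments for `$name`, `$email`, `$org`, `$city`, `$arrival`, `$departure`, `$accom` and `$tshirt` are only safe if every one of those values is later embedded inside a single-quoted SQL string literal; a value such as `$accom` or `$tshirt` that is interpolated unquoted into a numeric column stays injectable, and the INSERT itself is outside the hunk, so this cannot be confirmed here. Escaping at input time also means the `preg_match` checks on `$email` and `$city`, and any later non-SQL use of these values, see the doubled-quote form rather than what the user submitted. The robust fix is to validate the raw `$_POST` values and bind them at the query instead, e.g. `$stmt = $db->prepare('INSERT INTO <table> (name, ...) VALUES (:name, ...)'); $stmt->bindValue(':name', $_POST['del-name'], SQLITE3_TEXT); $stmt->execute();` (constructed example; table and column names are placeholders). The same applies to the `sp-*` assignments in assets/php/speakerRegistration.php. The enclosing `__construct()` starts and ends outside this hunk.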
31 changes: 15 additions & 16 deletions assets/php/speakerRegistration.php
@@ -1,6 +1,5 @@
<?php
error_reporting( E_ALL );
ini_set( 'display_errors', '1' );
error_reporting(0);
# Database Connection
class database extends SQLite3
{
@@ -54,62 +53,62 @@ function __construct()
$myDateTime = new DateTime( Date( '' ), new DateTimeZone( 'GMT' ) );
$myDateTime->setTimezone( new DateTimeZone( 'Asia/Kolkata' ) );
$date = $myDateTime->format( 'Y-m-d H:i:s' );
$name = $_POST['sp-name'];
$name = SQLite3::escapeString( $_POST['sp-name'] );
if ( empty( $_POST['sp-email'] ) )
{
$emailerror = "Required Field";
}
else
{
$email = $_POST['sp-email'];
$email = SQLite3::escapeString( $_POST['sp-email'] );
if ( !preg_match( "/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email ) )
{
$emailerror = "Invalid Format";
}
}
$org = $_POST['sp-org'];
$city = $_POST['sp-city'];
$org = SQLite3::escapeString( $_POST['sp-org'] );
$city = SQLite3::escapeString( $_POST['sp-city'] );
if ( !preg_match( '/$^|^[a-zA-Z]+[0-9]*[\. ,]*[a-zA-Z0-9]*$/', $city ) )
{
$cityerror = "City name must start with a letter and can contain only alphanumerics, spaces, periods and commas";
}
if ( empty( $_POST['sp-profile'] ) ) {
$profilerror = "No profile";
} else {
$profile = $_POST['sp-profile'];
$profile = SQLite3::escapeString( $_POST['sp-profile'] );
}

if ( empty( $_POST['sp-tshirt'] ) ) {
$tshirt = "0";
} else {
$tshirt = $_POST['sp-tshirt'];
$tshirt = SQLite3::escapeString( $_POST['sp-tshirt'] );
}

if ( empty( $_POST['sp-arrival'] ) ) {
$arrivalerror = "No arriving date given";
} else {
$arrival = $_POST['sp-arrival'];
$arrival = SQLite3::escapeString( $_POST['sp-arrival'] );
}
if ( empty( $_POST['sp-depart'] ) ) {
$departureerror = "No departure date given";
} else {
$departure = $_POST['sp-depart'];
$departure = SQLite3::escapeString( $_POST['sp-depart'] );
}
$lap = 1;
if ( empty( $_POST['sp-accom'] ) ) {
$accom = "0";
} else {
$accom = $_POST['sp-accom'];
$accom = SQLite3::escapeString( $_POST['sp-accom'] );
}
$pretitle = $_POST['sp-title'];
$pretitle = SQLite3::escapeString( $_POST['sp-title'] );
if ( empty( $pretitle ) )
{
$titleerror = "Required Field";
}
else
{
$title = $_POST['sp-title'];
$desc = $_POST['sp-desc'];
$title = SQLite3::escapeString( $_POST['sp-title'] );
$desc = SQLite3::escapeString( $_POST['sp-desc'] );

}
if ( $nameerror == "" && $emailerror == "" && $arrivalerror == "" && $departureerror == "" && $orgerror == "" && $cityerror == "" && $titleerror == "" && $profilerror == "" )
@@ -123,11 +122,11 @@ function __construct()
header( 'location:../../registration_success.html' );
} else {
echo "fail";
// header( 'location:../../registration_fail.html' );
header( 'location:../../registration_fail.html' );
}
} else {
echo "fail";
// header( 'location:../../registration_fail.html' );
header( 'location:../../registration_fail.html' );
}
}
}
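Review bot: The redirects re-enabled at `header( 'location:../../registration_fail.html' );` in both `else` branches of the last hunk come after `echo "fail";`, so unless output buffering is active the response body has already started and `header()` cannot set the Location header; the new `error_reporting(0)` in the first hunk then hides the "headers already sent" warning rather than surfacing it. Drop the `echo` (or emit it only when no redirect is issued) and stop execution after the redirect so nothing else runs: `header( 'location:../../registration_fail.html' ); exit;`. Turning off `display_errors` for a public endpoint is the right instinct, but `error_reporting(0)` also stops errors from being logged; `error_reporting( E_ALL );` with `ini_set( 'display_errors', '0' );` and `ini_set( 'log_errors', '1' );` keeps the diagnostics without exposing them to clients. The enclosing `__construct()` starts outside the last hunk.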
