Description:
The project is highly vulnerable to SQL Injection. User inputs (like $roll and $hostel) are directly concatenated into SQL queries without sanitization or using prepared statements. An attacker could bypass login or delete database records by entering malicious strings into the input fields.
Recommended Fix:
Use prepared statements with mysqli_prepare or PDO.
Code Implementation (for login.inc.php):
// Replace the direct string-concatenated query with this prepared-statement version.
// The "?" placeholder is sent separately from the SQL text, so whatever $roll
// contains is treated as a value and can never change the query's structure.
$sql = "SELECT * FROM Student WHERE Student_id = ?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    header("Location: ../index.php?error=sqlerror");
    exit();
}
// "s" binds $roll as a string; binding happens after prepare, so no manual escaping is needed.
mysqli_stmt_bind_param($stmt, "s", $roll);
mysqli_stmt_execute($stmt);
// mysqli_stmt_get_result() requires the mysqlnd driver; fall back to mysqli_stmt_bind_result() without it.
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
    // ... proceed with password_verify
}
mysqli_stmt_close($stmt);
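As an added example (not code from the project), here is the same fix via the PDO route the report also recommends, parameterizing both inputs it names ($roll and $hostel) for the login lookup and for a record deletion. The DSN, credentials, the Hostel and Password column names, and the POST field names are assumptions.

```php
<?php
// Added example, not the project's code. Assumed: DSN/credentials, the Hostel and
// Password columns, and the roll/hostel/password POST field names.
function connect(): PDO
{
    // ERRMODE_EXCEPTION makes failed queries throw instead of silently returning false;
    // EMULATE_PREPARES=false lets the MySQL server itself bind the parameters.
    return new PDO("mysql:host=localhost;dbname=hostel_db;charset=utf8mb4", "dbuser", "dbpass", [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);
}

// Login lookup: both user-supplied values go through named placeholders, so the
// SQL text is fixed at prepare time and the inputs are only ever compared as data.
function findStudent(PDO $pdo, string $roll, string $hostel): ?array
{
    $stmt = $pdo->prepare(
        "SELECT * FROM Student WHERE Student_id = :roll AND Hostel = :hostel"
    );
    $stmt->execute([':roll' => $roll, ':hostel' => $hostel]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Deletion, the other operation the report flags: same pattern, returns rows affected.
function deleteStudent(PDO $pdo, string $roll): int
{
    $stmt = $pdo->prepare("DELETE FROM Student WHERE Student_id = :roll");
    $stmt->execute([':roll' => $roll]);
    return $stmt->rowCount();
}

// Usage in login.inc.php
try {
    $pdo = connect();
    $row = findStudent($pdo, $_POST['roll'] ?? '', $_POST['hostel'] ?? '');
    if ($row === null || !password_verify($_POST['password'] ?? '', $row['Password'])) {
        header("Location: ../index.php?error=wronglogin");
        exit();
    }
    // Authenticated: start the session here.
} catch (PDOException $e) {
    // Log the driver message server-side only; never echo it to the browser.
    error_log($e->getMessage());
    header("Location: ../index.php?error=sqlerror");
    exit();
}
```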