Skip to content

P2: Refactor raw SQL endpoints to prepared statements #75

Description

@Kinin-Code-Offical

Several endpoints use raw string concatenation to build SQL queries, creating a critical SQL injection risk.

Acceptance Criteria:

  • Identify all endpoints that use INSERT or UPDATE with string concatenation.
  • Refactor them to use mysqli_prepare, �ind_param, and execute.
  • At least �ddclient.php and �ddpolicy.php must be fixed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: backendRelated to the PHP backendarea: securitySecurity vulnerabilitiespriority: P2Security and Authentication taskstype: bugA bug or functional error

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions