php - $_SESSION['ip'] and $_SERVER['REMOTE_ADDR'] security issue
Solution:
Get rid of the SQL injection hole by changing this:
$sth = $this->_db->query("SELECT * FROM users WHERE id = " . $cookieData['id']);
...to this:
$sth = $this->_db->prepare("SELECT * FROM users WHERE id = :ident");
$sth->execute([':ident' => $cookieData['id']]);
This assumes that DB::init() returns a PDO instance. If it's an instance of a custom class, you'll need to implement parameter binding in that class.
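The fix above, together with the parameter binding a custom class would need, as an added example that is not part of the original answer. `Db` is a hypothetical wrapper, the in-memory SQLite table and the cookie value are constructed, and PHP 8 with the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical wrapper standing in for a custom DB class (not from the page).
final class Db
{
    public function __construct(private PDO $pdo) {}

    // Runs $sql with named parameters bound by type; values never enter the SQL text.
    public function select(string $sql, array $params = []): array
    {
        $sth = $this->pdo->prepare($sql);
        foreach ($params as $name => $value) {
            $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
            $sth->bindValue($name, $value, $type);
        }
        $sth->execute();
        return $sth->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed cookie payload: the client fully controls this string.
$cookieData = ['id' => '1 OR 1=1'];

// Before: concatenation lets the cookie value rewrite the WHERE clause.
$before = $pdo->query("SELECT * FROM users WHERE id = " . $cookieData['id'])
              ->fetchAll(PDO::FETCH_ASSOC);

// After: the same value is bound as data and compared to id as a whole.
$db = new Db($pdo);
$after = $db->select("SELECT * FROM users WHERE id = :ident",
                     [':ident' => $cookieData['id']]);

// A well-formed integer id goes through the same bound path.
$valid = $db->select("SELECT * FROM users WHERE id = :ident", [':ident' => 1]);

printf("concatenated: %d row(s)\n", count($before));
printf("bound:        %d row(s)\n", count($after));
printf("bound, id=1:  %d row(s)\n", count($valid));
```

Comparing the first two counts shows whether the cookie value was interpreted as SQL or as a single literal.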