Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help does my code can do sql injection to delete specific row ?
does my code can do sql injection to delete specific row ?
  • Offline tereaksmey123
    Newbie
  • *
  • Posts: 8
    Threads: 6
    Joined: Nov 2016
    Reputation: 0
#1
01-05-2018, 03:03 AM
(This post was last modified: 01-05-2018, 03:06 AM by tereaksmey123.)

i don't know why my databse of Firmware is losing some rows, i have create Query Log at my backend to record all Insert Delete Update and i test to do all above action and check my QueryLog all is ok nothing wrong.

i think maybe it cause from my Frontend this is my related code.

HTML when click Ajax will fire and send data-id to Controller
Code:
<a
        class="dropdown-item get-firmware"
        href="#download-2"
        data-id="<?=$category_id?>"
        role="tab"
        data-toggle="tab"
        aria-controls="nav-dropdown1"><?=$category_name?></a>
Model related function
Code:
public function get_select_firmware($id )
{
   $this->db->select('*')
       ->from($this->tbl_firmware)
       ->group_by('prod_id')
       ->where('category_id', $id);
   $query = $this->db->get();
            
   return $query->result();
}
public function get_select_all($table, $order_by = NULL)

{
   $this->db->order_by($order_by);
   $query = $this->db->get($table);     
   return $query->result();
}
public function get_count_where($id, $table)
{
   $this->db->where($id);
   $this->db->from($table);
   return $this->db->count_all_results();
}
public function general_insert($data, $table)
{
   $this->db->set($data);
   if(!$this->db->insert($table))
   {
       return FALSE;        
   }
   $this->log_queries();
   return TRUE;
}
        
public function general_delete($id, $table)
{
   $this->db->where($id);
   if(!$this->db->delete($table))
   {
       return FALSE;
   }
   $this->log_queries();
   return TRUE;
}
        
public function general_update($data, $id, $table)
{
   $this->db->where($id);
   if(!$this->db->update($table, $data))
   {
       return FALSE;
   }
   $this->log_queries();
   return TRUE;
}


here is my PHP All function i use is using Query Builder 
PHP Code:
public function index()
{
    if (! $this->input->is_ajax_request()) 
    show_404(); }

    $category $this->input->post('id');
    $firmware $this->Firmware_model->get_select_firmware($category);
    $json = [];
    foreach($firmware as $rows){
    $prod_id $rows->prod_id;

    $firmware_count $this->General_model->get_count_where(
        ['prod_id' => $prod_id],
        $this->tbl_firmware
    );
            
    $check_rows = ($firmware_count && $prod_id != 0) ? '1' '0';
            
    $product $this->General_model->get_select_rows(
        ["prod_id" => $prod_id],
        'tbl_product'
    );
    $image '';
    if(count($product) > && $product != ''){
        foreach($product as $prod)
        $image $prod->prod_image;}
    }
    $json1 = [
        'firmware_id'        =>    $rows->fm_id,
        'firmware_name'        =>    htmlspecialchars($rows->fm_name,ENT_QUOTES,'UTF-8'),
        'firmware_url'        =>    htmlspecialchars($rows->fm_url,ENT_QUOTES,'UTF-8'),
        'firmware_size'        =>    htmlspecialchars($rows->fm_size,ENT_QUOTES,'UTF-8'),
        'firmware_version'    =>    htmlspecialchars($rows->fm_version,ENT_QUOTES,'UTF-8'),
        'firmware_build'    =>    htmlspecialchars($rows->fm_build,ENT_QUOTES,'UTF-8'),
        'modify_date'        =>    $rows->modify_date,
        'prod_id'        =>    $prod_id,
        'firmware_rows'        =>    $check_rows,
        'category_id'        =>    $rows->category_id,
        'image'            =>    $image
             
    ];    
    $json[] = $json1;
    }
    $this->output
        ->set_content_type('application/json'//set Json header
        ->set_output(json_encode($jsonJSON_UNESCAPED_UNICODE));
        
}

public function firmware_report()
{
    if (!$this->input->is_ajax_request()) 
    show_404(); }
    
    $id $this->input->post('id');
    $data = [
        'fm_id' => $id,
        'fr_phone' => $this->input->post('phone'),
        'fr_comment' => $this->input->post('comment'),
        'fr_date' => $this->General_model->_my_date_now()
    ];
        
    if(!$this->General_model->general_insert(
       $data,
       $this->tbl_firmware_report)
    ){
        show_404();
            
    } else {
        if($this->General_model->general_update(
            ['fm_status' => 1], 
            ['fm_id' => $id],
            $this->tbl_firmware)
        ){
            $error = array('error' => "Thank for helping us detect the error!!!");
            $this->session->set_flashdata('show''0');
        } else {
            $error = array('error' => 'Opp something wrong request cancel.');
            $this->session->set_flashdata('show''1');
        }
    }

is that possbile to do sql injection ?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB