Could my code allow an SQL injection that deletes a specific row?

I don't know why my Firmware database is losing some rows. I created a Query Log on my backend to record every Insert, Delete and Update; I tested all of those actions and checked my QueryLog, and everything is fine — nothing wrong.

I think the cause may be in my frontend; this is the related code.

HTML: on click, an Ajax request fires and sends data-id to the controller
Code:
<a
        class="dropdown-item get-firmware"
        href="#download-2"
        data-id="<?=$category_id?>"
        role="tab"
        data-toggle="tab"
        aria-controls="nav-dropdown1"><?=$category_name?></a>
Model related function
Code:
/**
 * Firmware rows for one category, collapsed to one row per prod_id.
 *
 * $id is passed to the query builder's where() as a value, so the driver
 * escapes it; it is never concatenated into the SQL text.
 * Note: select('*') together with group_by('prod_id') leaves the non-grouped
 * columns to the database's discretion (MySQL with ONLY_FULL_GROUP_BY rejects
 * the statement outright).
 *
 * @param mixed $id value matched against category_id
 * @return array result objects
 */
public function get_select_firmware($id)
{
    $builder = $this->db;
    $builder->select('*');
    $builder->from($this->tbl_firmware);
    $builder->group_by('prod_id');
    $builder->where('category_id', $id);

    return $builder->get()->result();
}
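/**
 * Every row of $table, optionally ordered.
 *
 * The original passed $order_by to order_by() unconditionally and relied on
 * the driver ignoring a NULL; the guard below makes that explicit so an empty
 * ordering never reaches the query builder.
 *
 * @param string      $table    table name (identifier, not a user-supplied value)
 * @param string|null $order_by ORDER BY clause as accepted by order_by(), or NULL for none
 * @return array result objects
 */
public function get_select_all($table, $order_by = NULL)
{
    if ($order_by !== NULL && $order_by !== '') {
        $this->db->order_by($order_by);
    }

    $query = $this->db->get($table);

    return $query->result();
}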
/**
 * Number of rows in $table matching the given conditions.
 *
 * Despite its name, $id is a where() argument: the callers shown pass an
 * associative array such as ['prod_id' => $prod_id]. Array values are
 * escaped by the query builder; the keys become column names, so they must
 * stay hard-coded in the caller rather than come from the request.
 *
 * @param array|string $id    where() conditions
 * @param string       $table table name
 * @return int
 */
public function get_count_where($id, $table)
{
    return $this->db
        ->from($table)
        ->where($id)
        ->count_all_results();
}
/**
 * Insert one row built from $data into $table.
 *
 * Values are bound through set(), so the query builder escapes them. On
 * success the statement is recorded via log_queries(); on failure nothing is
 * logged, which is why a failed write never shows up in the query log.
 *
 * @param array  $data  column => value pairs
 * @param string $table table name
 * @return bool TRUE when the insert succeeded, FALSE otherwise
 */
public function general_insert($data, $table)
{
    $this->db->set($data);
    $inserted = $this->db->insert($table);

    if ($inserted) {
        $this->log_queries();
    }

    return (bool) $inserted;
}
        
/**
 * Delete the rows of $table matching $id.
 *
 * $id is handed to where() (typically an associative array), so its values
 * are escaped by the query builder and the condition is not built from
 * string concatenation. The column names in that array are used as
 * identifiers, so they must be fixed in the caller. The query builder refuses
 * a DELETE that ends up with no WHERE clause at all, returning FALSE here
 * instead of clearing the table. Only successful deletes reach log_queries().
 *
 * @param array|string $id    where() conditions
 * @param string       $table table name
 * @return bool TRUE when the delete succeeded, FALSE otherwise
 */
public function general_delete($id, $table)
{
    $this->db->where($id);
    $deleted = $this->db->delete($table);

    if ($deleted) {
        $this->log_queries();
    }

    return (bool) $deleted;
}
        
/**
 * Update the rows of $table matching $id with the values in $data.
 *
 * Both the SET values and the where() values are escaped by the query
 * builder; the column names in both arrays are identifiers and must not come
 * from the request. Only a successful update is passed to log_queries().
 *
 * @param array        $data  column => value pairs to set
 * @param array|string $id    where() conditions
 * @param string       $table table name
 * @return bool TRUE when the update succeeded, FALSE otherwise
 */
public function general_update($data, $id, $table)
{
    $this->db->where($id);
    $updated = $this->db->update($table, $data);

    if ($updated) {
        $this->log_queries();
    }

    return (bool) $updated;
}


Here is my PHP; every function I use goes through Query Builder.
PHP Code:
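/**
 * AJAX endpoint: the firmware rows of the POSTed category id, as JSON.
 *
 * Reads `id` from the POST body, loads the firmware rows for that category
 * (one per prod_id), attaches a firmware count and a product image to each,
 * and writes the list with an application/json content type.
 *
 * The is_ajax_request() gate only checks the X-Requested-With header, which
 * any HTTP client can set; it is a convenience check, not authorization.
 *
 * NOTE(review): the listing as pasted had lost its assignment operators and
 * some punctuation (`$category $this->input->post('id')`, `? '1' '0'`,
 * `count($product) > &&`, `json_encode($jsonJSON_UNESCAPED_UNICODE)`); they
 * are restored here the way the surrounding code implies.
 *
 * @return void output is written through $this->output
 */
public function index()
{
    if (! $this->input->is_ajax_request()) {
        show_404();
    }

    $category = $this->input->post('id');
    // The model binds this as a where() value, so the query builder escapes it.
    $firmware = $this->Firmware_model->get_select_firmware($category);

    $json = [];
    foreach ($firmware as $rows) {
        $prod_id = $rows->prod_id;

        $firmware_count = $this->General_model->get_count_where(
            ['prod_id' => $prod_id],
            $this->tbl_firmware
        );
        // Loose != kept on purpose: prod_id may come back from the driver as
        // the string "0", which must still count as "no product".
        $check_rows = ($firmware_count && $prod_id != 0) ? '1' : '0';

        $product = $this->General_model->get_select_rows(
            ['prod_id' => $prod_id],
            'tbl_product'
        );
        // The original also tested `$product != ''`, which is always true for
        // a non-empty array; the count alone decides. The image of the LAST
        // matching product row wins, as before.
        $image = '';
        if (count($product) > 0) {
            foreach ($product as $prod) {
                $image = $prod->prod_image;
            }
        }

        // The response is JSON, not HTML, so the htmlspecialchars() calls are
        // pre-escaping for whatever the client later injects into the page;
        // fm_id, modify_date and category_id are emitted as-is.
        $json[] = [
            'firmware_id'      => $rows->fm_id,
            'firmware_name'    => htmlspecialchars($rows->fm_name, ENT_QUOTES, 'UTF-8'),
            'firmware_url'     => htmlspecialchars($rows->fm_url, ENT_QUOTES, 'UTF-8'),
            'firmware_size'    => htmlspecialchars($rows->fm_size, ENT_QUOTES, 'UTF-8'),
            'firmware_version' => htmlspecialchars($rows->fm_version, ENT_QUOTES, 'UTF-8'),
            'firmware_build'   => htmlspecialchars($rows->fm_build, ENT_QUOTES, 'UTF-8'),
            'modify_date'      => $rows->modify_date,
            'prod_id'          => $prod_id,
            'firmware_rows'    => $check_rows,
            'category_id'      => $rows->category_id,
            'image'            => $image,
        ];
    }

    // json_encode() returns FALSE on malformed UTF-8; the escaped columns are
    // already validated by htmlspecialchars(), the raw ones are not.
    $this->output
        ->set_content_type('application/json') // JSON header
        ->set_output(json_encode($json, JSON_UNESCAPED_UNICODE));
}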

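/**
 * AJAX endpoint: record a user report against a firmware row.
 *
 * Inserts a report row (fm_id, phone, comment, date) and, when that succeeds,
 * sets fm_status = 1 on the firmware whose fm_id was POSTed. A failed insert
 * ends in show_404(); the update outcome is kept in $error and mirrored in
 * the 'show' flashdata flag.
 *
 * NOTE(review): `id` is used exactly as received — nothing shown here checks
 * that it names a firmware row this caller should be able to flag, and
 * is_ajax_request() only inspects a client-supplied header. If fm_status = 1
 * hides a row from the listing, this request changing an arbitrary row's
 * status is one way rows could "disappear" with no DELETE in the query log;
 * worth confirming against the listing query.
 *
 * NOTE(review): the pasted listing ends right after the if/else, so what is
 * done with $error and the method's closing brace are not shown; the brace
 * below only keeps the block well-formed. Lost `=`/`,` characters in the
 * paste are restored.
 *
 * @return void
 */
public function firmware_report()
{
    if (! $this->input->is_ajax_request()) {
        show_404();
    }

    $id = $this->input->post('id');
    // An empty id would insert a report bound to no firmware and then update
    // nothing; reject it before the two writes can half-succeed.
    if ($id === NULL || $id === '') {
        show_404();
    }

    $data = [
        'fm_id'      => $id,
        'fr_phone'   => $this->input->post('phone'),
        'fr_comment' => $this->input->post('comment'),
        'fr_date'    => $this->General_model->_my_date_now(),
    ];

    // show_404() ends the request in CodeIgniter, so no else branch is needed.
    if (! $this->General_model->general_insert($data, $this->tbl_firmware_report)) {
        show_404();
    }

    // Values are escaped by the query builder; the column names are fixed
    // here and never taken from the request.
    $updated = $this->General_model->general_update(
        ['fm_status' => 1],
        ['fm_id' => $id],
        $this->tbl_firmware
    );

    if ($updated) {
        $error = ['error' => "Thank for helping us detect the error!!!"];
        $this->session->set_flashdata('show', '0');
    } else {
        $error = ['error' => 'Opp something wrong request cancel.'];
        $this->session->set_flashdata('show', '1');
    }
}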

Is SQL injection possible here?



