This code is vulnerable. Please help correct the code to prevent SQL injection.
<link rel="stylesheet" type="text/css" href="admin/css/style.css" /> <?php include('dbcon.php'); include('header.php'); ?> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container"> <a class="brand"> <img src="admin/images/dee.png" width="150" height="50"> </a> <a class="brand"> <h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2> <div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div> </a> <?php include('head.php'); ?> </div> </div> </div> <div class="wrapper_admin"> </br> </br> </br> <div id="element" class="hero-body-index"> <p><font color="white"><h2>Voter Login</h2></font></p> <form method="POST" > <table> <tr><td><font color="white">UserName:</font> </td><td><input type="text" name="UserName" class="UserName_hover"></td></tr> <tr><td>...<td></tr> <tr><td><font color="white">Password:</font> </td><td><input type="Password" name="Password" class="Password_hover"></td></tr> <tr><td>...<td></tr> <tr><td></td><td> <button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i> Login</button> </td></tr> <tr><td> </td><tr> </form> </table> </br> <div class="error"> <?php require_once 'dbcon.php'; $UserName=$_POST['UserName']; $Password=$_POST['Password']; $login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); $login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); $login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); $login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); // $login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'"); $login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'"); $id=$row['VoterID']; ?> <?php if($count == 1){ $_SESSION['id']=$row['VoterID']; } if($count3 == 1){ $_SESSION['id']=$row3['VoterID']; } if($count4 == 1){ $_SESSION['id']=$row4['VoterID']; } if($count5 == 1){ $_SESSION['id']=$row5['VoterID']; } if($count1 == 1){ ?> <div class="alert alert-error"> <button class="close" data-dismiss="alert">×</button> You Can Only Vote Once </div> <?php }else{ ?> <div class="alert alert-error"> <button class="close" data-dismiss="alert">×</button> Please check your username and password </div> <?php } ?> <?php } ?> </div> </div> </br> </br> </br> </br> </br> <?php include('footer.php')?> </div> </body> </html>
- 12 views
Add new comment