help prevent sql injection

10 years ago By nana.k.denise
This code is vulnerable. Please help correct the code to prevent SQL injection. 
  1. <link rel="stylesheet" type="text/css" href="admin/css/style.css" />
  2. <?php include('dbcon.php');
  3. include('header.php');
  4.  ?>
  5. </head>
  6. <body>
  7.  
  8. 	<div class="navbar navbar-fixed-top">
  9. 	<div class="navbar-inner">
  10. 	<div class="container">
  11.  
  12. 		<a class="brand">
  13. 		<img src="admin/images/dee.png" width="150" height="50">
  14.  	</a>
  15. 	<a class="brand">
  16. 	 <h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2>
  17. 	 <div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div>
  18.  	</a>
  19.  
  20. 	<?php include('head.php'); ?>
  21.  
  22. 	</div>
  23. 	</div>
  24. 	</div>
  25. <div class="wrapper_admin">
  26. </br>
  27. </br>
  28. </br>
  29. 	<div id="element" class="hero-body-index">
  30.  
  31. 	<p><font color="white"><h2>Voter Login</h2></font></p>
  32.  
  33. 	<form method="POST" >
  34. 	<table>
  35.     <tr><td><font color="white">UserName:</font>&nbsp;&nbsp;</td><td><input type="text"  name="UserName" class="UserName_hover"></td></tr>
  36. 	<tr><td>...<td></tr>
  37.     <tr><td><font color="white">Password:</font>&nbsp;&nbsp;</td><td><input type="Password" name="Password" class="Password_hover"></td></tr>
  38. 	<tr><td>...<td></tr>
  39. 	<tr><td></td><td>	<button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i>&nbsp;Login</button>
  40.  
  41. 	</td></tr>
  42. 	<tr><td>
  43. 	</td><tr>
  44. 	</form>
  45. 	</table>
  46.  
  47. 	</br>
  48. 	<div class="error">
  49. 			<?php
  50.  
  51. if (isset($_POST['Login'])){
  52. require_once 'dbcon.php';
  53.  
  54. $UserName=$_POST['UserName'];
  55. $Password=$_POST['Password'];
  56.  
  57.  
  58.  
  59. $login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  60. $login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  61. $login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  62. $login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  63. //
  64. $login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
  65. $login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
  66. $count=mysqli_num_rows($login_query);
  67. $count1=mysqli_num_rows($login_query1);
  68. $count3=mysqli_num_rows($login_query3);
  69. $count4=mysqli_num_rows($login_query4);
  70. $count5=mysqli_num_rows($login_query5);
  71. $row=mysqli_fetch_array($login_query);
  72. $row3=mysqli_fetch_array($login_query3);
  73. $row4=mysqli_fetch_array($login_query4);
  74. $row5=mysqli_fetch_array($login_query5);
  75. $id=$row['VoterID'];
  76. ?>
  77. <?php 
  78. if($count == 1){
  79. session_start();
  80. $_SESSION['id']=$row['VoterID'];
  81. header('location:voting.php');
  82. }
  83. if($count3 == 1){
  84. session_start();
  85. $_SESSION['id']=$row3['VoterID'];
  86. header('location:voting.php');
  87. }
  88. if($count4 == 1){
  89. session_start();
  90. $_SESSION['id']=$row4['VoterID'];
  91. header('location:voting.php');
  92. }
  93. if($count5 == 1){
  94. session_start();
  95. $_SESSION['id']=$row5['VoterID'];
  96. header('location:voting.php');
  97. }
  98. if($count1 == 1){ ?>
  99. 	<div class="alert alert-error">
  100.     <button class="close" data-dismiss="alert">×</button>
  101.    You Can Only Vote Once
  102.     </div>
  103. <?php
  104. }else{ ?>
  105. <div class="alert alert-error">
  106.     <button class="close" data-dismiss="alert">×</button>
  107.    Please check your username and password
  108.     </div>
  109.  
  110. 	<?php 
  111. 	}
  112. ?>
  113.  
  114. <?php
  115. }
  116.  
  117. ?>
  118. </div>
  119. </div>
  120. </br>
  121. </br>
  122. </br>
  123. </br>
  124. </br>
  125.  
  126. 	<?php include('footer.php')?>	
  127. </div>
  128.  
  129.     </body>
  130.  
  131. </html>

Add new comment

About text formats
  • 12 views