Help prevent SQL injection

Submitted by nana.k.denise on
This code is vulnerable. Please help correct the code to prevent SQL injection.
  1. <link rel="stylesheet" type="text/css" href="admin/css/style.css" />
  2. <?php include('dbcon.php');
  3. include('header.php');
  4.  ?>
  5. </head>
  6. <body>
  7.  
  8.         <div class="navbar navbar-fixed-top">
  9.         <div class="navbar-inner">
  10.         <div class="container">
  11.              
  12.                 <a class="brand">
  13.                 <img src="admin/images/dee.png" width="150" height="50">
  14.         </a>
  15.         <a class="brand">
  16.          <h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2>
  17.          <div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div>
  18.         </a>
  19.  
  20.         <?php include('head.php'); ?>
  21.  
  22.         </div>
  23.         </div>
  24.         </div>
  25. <div class="wrapper_admin">
  26. </br>
  27. </br>
  28. </br>
  29.         <div id="element" class="hero-body-index">
  30.  
  31.         <p><font color="white"><h2>Voter Login</h2></font></p>
  32.        
  33.         <form method="POST" >
  34.         <table>
  35.     <tr><td><font color="white">UserName:</font>&nbsp;&nbsp;</td><td><input type="text"  name="UserName" class="UserName_hover"></td></tr>
  36.         <tr><td>...<td></tr>
  37.     <tr><td><font color="white">Password:</font>&nbsp;&nbsp;</td><td><input type="Password" name="Password" class="Password_hover"></td></tr>
  38.         <tr><td>...<td></tr>
  39.         <tr><td></td><td>       <button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i>&nbsp;Login</button>
  40.        
  41.         </td></tr>
  42.         <tr><td>
  43.         </td><tr>
  44.         </form>
  45.         </table>
  46.        
  47.         </br>
  48.         <div class="error">
  49.                         <?php
  50.  
  51. if (isset($_POST['Login'])){
  52. require_once 'dbcon.php';
  53.  
  54. $UserName=$_POST['UserName'];
  55. $Password=$_POST['Password'];
  56.  
  57.  
  58.  
  59. $login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  60. $login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  61. $login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  62. $login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
  63. //
  64. $login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
  65. $login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
  66. $count=mysqli_num_rows($login_query);
  67. $count1=mysqli_num_rows($login_query1);
  68. $count3=mysqli_num_rows($login_query3);
  69. $count4=mysqli_num_rows($login_query4);
  70. $count5=mysqli_num_rows($login_query5);
  71. $row=mysqli_fetch_array($login_query);
  72. $row3=mysqli_fetch_array($login_query3);
  73. $row4=mysqli_fetch_array($login_query4);
  74. $row5=mysqli_fetch_array($login_query5);
  75. $id=$row['VoterID'];
  76. ?>
  77. <?php
  78. if($count == 1){
  79. $_SESSION['id']=$row['VoterID'];
  80. header('location:voting.php');
  81. }
  82. if($count3 == 1){
  83. $_SESSION['id']=$row3['VoterID'];
  84. header('location:voting.php');
  85. }
  86. if($count4 == 1){
  87. $_SESSION['id']=$row4['VoterID'];
  88. header('location:voting.php');
  89. }
  90. if($count5 == 1){
  91. $_SESSION['id']=$row5['VoterID'];
  92. header('location:voting.php');
  93. }
  94. if($count1 == 1){ ?>
  95.         <div class="alert alert-error">
  96.     <button class="close" data-dismiss="alert">×</button>
  97.    You Can Only Vote Once
  98.     </div>
  99. <?php
  100. }else{ ?>
  101. <div class="alert alert-error">
  102.     <button class="close" data-dismiss="alert">×</button>
  103.    Please check your username and password
  104.     </div>
  105.  
  106.         <?php
  107.         }
  108. ?>
  109.  
  110. <?php
  111. }
  112.  
  113. ?>
  114. </div>
  115. </div>
  116. </br>
  117. </br>
  118. </br>
  119. </br>
  120. </br>
  121.  
  122.         <?php include('footer.php')?>  
  123. </div>
  124.  
  125.     </body>
  126.        
  127. </html>