Skip to content
Snippets Groups Projects
Commit a49ff830 authored by Sibidharan's avatar Sibidharan :speech_balloon:
Browse files

MySQL Injection updates

parent fd6c1937
No related branches found
No related tags found
No related merge requests found
......@@ -115,5 +115,11 @@ $ cd /var
$ sudo chown $(whoami):$(whoami) -R www
```
Now update the `env.json` file with the user and database info created. All set, your code should be accessible at http://localhost
6. Now import the database export locaked at `database/export.sql` into the database you just created and we have all the tables.
Now update the `env.json` file with the user and database info created. All set, your code should be accessible at http://localhost or whereever you configured it to work.
### Security
All the data that you get with `$this->_request[]` inside the APIs are secured with `mysqli_real_escape_string` during the API initialization. Look for the function called REST::cleanInputs() inside `api/REST.api.php` and here is where it happens. So this development is considered secured from MySQLi injections. If you access `$_GET` or `$_POST` anywhere else directly without `$this->_request[]`, then you might just need to filter the inputs yourself and make them secure.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment