fix(security): fix SQL injection in updatePaymetToPaid, OTP random_int, static IV encryption, storage mismatch

This commit is contained in:
Hamza-Ayed
2026-06-17 06:31:13 +03:00
parent 8c6dea5d96
commit 0ceb67ee56
7 changed files with 100 additions and 33 deletions


@@ -3,11 +3,15 @@ include "../../connect.php";
$driverID = filterRequest("driverID");
if (empty($driverID)) {
printFailure("Driver ID is required");
exit;
}
$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID='$driverID'";
$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID = :driverID";
$stmt = $con->prepare($sql);
$stmt->execute();
$stmt->execute([':driverID' => $driverID]);
if ($stmt->rowCount() > 0) {
// Print a success message