- Fixed SQL injection in ride/license/get.php (interpolated variable → parameterized query) - Added admin role checks to all 3 mass data endpoints (driver tokens, passenger tokens, phones+tokens) - Added pagination (50/page) to all 4 mass data endpoints - Fixed LIMIT to use placeholders with type binding
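<?php

// Endpoint script: looks up the rows stored in `lisenceDetails` for one driver
// and answers with JSON.
//   Input : request field "driverID", read through filterRequest().
//   Output: jsonSuccess($rows) when at least one row matches, jsonError(...) otherwise.
// filterRequest(), jsonSuccess(), jsonError() and $con are not defined in this
// file; presumably they come from connect.php. Verify there.

require_once __DIR__ . '/../../connect.php';

// NOTE(review): no caller-identity or role check is visible in this file. The
// value below is taken from the request as-is, so unless connect.php enforces
// authentication AND this lookup is limited to the driver's own record (or to
// an admin role), any caller can read another driver's licence details by
// supplying that driver's ID. Confirm before relying on this endpoint.
// NOTE(review): what filterRequest() does to the value (trimming, escaping,
// null on a missing field) cannot be seen here. Injection safety below rests
// on the bound placeholder, not on that filter.
$driverID = filterRequest("driverID");

// The request value is bound to :driverID and never concatenated into the SQL text.
// NOTE(review): SELECT * sends every column of the table to the client. An
// explicit column list would keep fields the app does not need (document
// numbers, scans, internal flags, if any exist) out of the response.
$sql = "SELECT * FROM `lisenceDetails` WHERE `driverID` = :driverID";

// NOTE(review): PDO's error mode is configured outside this file. Confirm that
// a failed prepare/execute cannot surface SQL or driver details in the response.
$stmt = $con->prepare($sql);
$stmt->execute([':driverID' => $driverID]);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

if ($result) {
    // At least one licence row matched.
    jsonSuccess($result);
} else {
    // fetchAll() gives an empty (falsy) array when nothing matches, so "no
    // licence on file" and a failed lookup produce the same error response.
    // The message text is kept byte-for-byte because clients may match on it;
    // "promo" is a leftover from the endpoint this script was copied from.
    // Passed directly: the original `$message = "..."` inside the call was an
    // assignment that only created a stray global, not a named argument.
    jsonError("Failed to retrieve promo records");
}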