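MODIFICATIONS.*/

/**
 * Holds the request parameters used by this test case.
 *
 * 'realOne' is the only attacker-controlled slot; 'test' and 'trap' are fixed
 * decoy entries, so a taint analysis has to track the right array key.
 */
class Input
{
    /** @var array<string, mixed> */
    private $input;

    public function __construct()
    {
        $this->input = array();
        $this->input['test'] = 'safe';
        // Untrusted: read straight from the query string. Guard the lookup so a
        // request without the parameter yields null instead of an undefined-index notice.
        $this->input['realOne'] = isset($_GET['UserData']) ? $_GET['UserData'] : null;
        $this->input['trap'] = 'safe';
    }

    /**
     * Returns the raw, still-untrusted value taken from $_GET['UserData'] (null when absent).
     *
     * @return mixed
     */
    public function getInput()
    {
        return $this->input['realOne'];
    }
}

$temp = new Input();
$tainted = $temp->getInput();

// Sanitisation step: floatval() always yields a float, so no SQL metacharacters
// can survive into the query, whatever the request contained.
$tainted = floatval($tainted);

// Bound parameter instead of sprintf() interpolation: the value never becomes part
// of the SQL text, so the statement stays safe even if the sanitisation above is removed.
$query = "SELECT * FROM student where id = ?";

// Connection to the database (address, user, password). The legacy mysql_* extension
// was removed in PHP 7; PDO with native prepared statements is the supported equivalent.
$conn = new PDO(
    'mysql:host=localhost;dbname=dbname',
    'mysql_user',
    'mysql_password',
    array(
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,         // server-side prepares, no client-side quoting
    )
);

// Debug output kept from the original case; $query no longer contains any request data.
echo "query : " . $query . "<br /><br />";

$stmt = $conn->prepare($query);
$stmt->execute(array($tainted)); // execution: the float travels as a separate parameter
while ($data = $stmt->fetch()) { // default PDO::FETCH_BOTH matches mysql_fetch_array()
    print_r($data);
    echo "<br />";
}
$conn = null; // release the connection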
/**
 * Marks this element as a file input before rendering it.
 *
 * Sets the element's "type" attribute to "file" and then hands the actual
 * rendering to the parent implementation.
 *
 * @return string
 */
public function getInput()
{
    $this->setAttribute('type', 'file');
    $rendered = parent::getInput();

    return $rendered;
}