function __construct()
{
//The xml file is in its insecure default location.
//We would normally have all referenced libraries outside of the webroot.
$this->esapi = new ESAPI('../owasp-esapi-php-read-only/test/testresources/ESAPI.xml');
ESAPI::setEncoder(new DefaultEncoder());
ESAPI::setValidator(new DefaultValidator());
$this->encoder = ESAPI::getEncoder();
$this->validator = ESAPI::getValidator();
}
AUTHORS SPECIFICALLY DISCLAIM ANY WARRANTIES INCLUDING, BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND AUTHORS HAVE NO
OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR
MODIFICATIONS.*/
$tainted = $_SESSION['UserData'];
$ESAPI = new ESAPI();
ESAPI::setEncoder(new DefaultEncoder());
ESAPI::setValidator(new DefaultValidator());
//verifying the data with ESAPI
if ($ESAPI->validator->isValidNumber("Course ID", $tainted, 18, 25, false)) {
$tainted = $tainted;
} else {
$tainted = 0;
//default value
}
$query = "SELECT * FROM COURSE WHERE id=?";
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
//Connection to the database (address, user, password)
$stmt = $conn->prepare($query);
$stmt->bind_param("i", $checked_data);
$stmt->execute();
mysql_close($conn);
