MODIFICATIONS.*/
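class Input
{
    /**
     * Holds the request value alongside two fixed, never-read slots
     * ('test' and 'trap'); only 'realOne' is ever exposed by getInput().
     *
     * @var array<string, mixed>
     */
    private $input;

    /**
     * Returns the value of the `UserData` GET parameter.
     *
     * This is UNTRUSTED input straight from the query string: callers must
     * validate or cast it before it reaches SQL, HTML or a shell.
     *
     * @return mixed string (or array, for `UserData[]=`) as sent by the client,
     *               or null when the parameter is absent from the request
     */
    public function getInput()
    {
        return $this->input['realOne'];
    }

    /**
     * Captures the taint source at construction time.
     *
     * The isset() guard keeps a missing parameter from raising an
     * "undefined index" notice; the absence is reported as null instead.
     */
    public function __construct()
    {
        $this->input = [
            'test'    => 'safe',
            // Taint source: attacker-controlled query-string parameter.
            'realOne' => isset($_GET['UserData']) ? $_GET['UserData'] : null,
            'trap'    => 'safe',
        ];
    }
}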
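$temp = new Input();
$tainted = $temp->getInput();
// Cast-as-whitelist: only a float survives, so quotes and SQL syntax cannot
// reach the query. Kept even though the value is bound below (defence in depth).
$tainted = floatval($tainted);
// Positional placeholder instead of string-building the SQL; the value is
// supplied separately at execute() time.
$query = "SELECT * FROM student where id=?";
// Connection to the database (DSN with host and schema, user, password).
// The mysql_* extension was removed in PHP 7; PDO with prepared-statement
// emulation disabled sends statement text and parameters to the server separately,
// and ERRMODE_EXCEPTION turns silent false returns into exceptions.
$conn = new PDO('mysql:host=localhost;dbname=dbname', 'mysql_user', 'mysql_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
echo "query : " . $query . "<br /><br />";
// Execution: the bound value never becomes part of the SQL text.
$res = $conn->prepare($query);
$res->execute([$tainted]);
// FETCH_BOTH mirrors mysql_fetch_array()'s default (numeric and associative keys).
while ($data = $res->fetch(PDO::FETCH_BOTH)) {
    // Row contents come from the database, so escape them for the HTML context.
    echo htmlspecialchars(print_r($data, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<br />";
}
// Release the statement and the connection (PDO has no explicit close()).
$res = null;
$conn = null;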
 /**
  * Renders this field as a file-upload control.
  *
  * Sets the `type` attribute to `file` (presumably overriding any value set
  * earlier — confirm against setAttribute()) and then hands rendering to the
  * parent implementation.
  *
  * @return string
  */
 public function getInput()
 {
     // A file field must always render with type="file".
     $this->setAttribute('type', 'file');
     $markup = parent::getInput();

     return $markup;
 }