Good morning,
I'm new to sql injection security. I always learned only to validate the inputs and then use them in the query, always with mysqli_query and mysqli_fetch_array.
I have the following code to check if the login is correct or not (works without problem), can say if this prevents sql injection? If not, what steps should I take? Thank you for your time and help
if(isset($_POST['login'])){
$link = $_SERVER['HTTP_REFERER'];
$base_url = strtok($link, '?'); // Get the base url
$parsed_url = parse_url($link); // Parse it
$query = $parsed_url['query'];
if(!isset($query)){
$redireciona=$link;
}else{
$redireciona=substr($link, 0, strpos($link, "failed") - 1);
}
$user = trim($_POST['sp_uname']);
$pass = trim($_POST["sp_pass"]);
$stmt = $ligadb->prepare("SELECT id_user, u_user, u_nome, u_password, u_perfil FROM users WHERE u_user=? LIMIT 1");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($user_id, $user, $nome, $password, $perfil);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
if($stmt->fetch()) //fetching the contents of the row
{
if(password_verify($_POST["sp_pass"], $password)){
$_SESSION['user'] = $user;
$_SESSION['perfil'] = $perfil;
$_SESSION['id'] = $user_id;
$_SESSION['nome'] = $nome;
}else{
if(!isset($query) || $query==="failed"){
# Redirect user to error page
header('Location: ' . $redireciona . '?failed');
}else{
if (strpos($link, 'failed') !== false) {
header('Location: ' . $link);
}else{
header('Location: ' . $link . '&failed');
}
}
}
}
header('Location: ' . $redireciona);
}
else {
if (strpos($link, 'failed') !== false) {
header('Location: ' . $link);
}else{
header('Location: ' . $link . '&failed');
}
}
$stmt->close();
}
else
{
}
$ligadb->close();