SQLi: NetBeans Sample Project “AirAlliance”

July 8, 2009

Today I got a notice that NetBeans 6.8 will have support for the Symfony PHP framework. Because I really like working with that framework and I have never worked with NetBeans (I use Eclipse instead), I thought I should give it a try. First I downloaded, installed and opened the development version. After that I opened the “AirAlliance” sample project (it’s not a Symfony project).

But what I saw was not what I’d expected:

web/confirmreservation.php Line 33-48:
if(isset($_REQUEST["IID"])){
$IID = $_REQUEST["IID"];
...
$itineraryData = getItinerary($IID);

web/itinerarymanager.php Line 329-341:
function getItinerary($IID){
 $connection = initDB();
 $query;
 if($IID == 0){
  $query = "SELECT * FROM Itinerary";
 }
 else{
  $query = "SELECT * FROM Itinerary WHERE IID='".$IID."'";
 }
 
 
 $result = mysql_query($query);
...

OK, it’s just a sample project.
But how are you supposed to tell the good things from the bad ones if you don’t know that they are bad?

I’m not sure if this says something about the IDE itself but I think I will continue my work with Eclipse…
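
A hardened counterpart to getItinerary(), as an added example that is not part of the original post or of the AirAlliance sample: in the excerpt above, $_REQUEST["IID"] is concatenated directly into the SQL string, whereas here it is validated and bound as a parameter. It assumes IID is an integer key and uses PDO with an in-memory SQLite table (constructed columns and rows) in place of the project's MySQL connection; the name getItinerarySafe is hypothetical.

```php
<?php
// Added example, not AirAlliance code. Assumptions: IID is an integer key,
// and PDO/SQLite stands in for the sample project's MySQL connection.

function getItinerarySafe(PDO $db, $iid): array
{
    // Accept only non-negative integers; arrays, quotes, SQL fragments
    // and any other non-integer input make filter_var() return false.
    $id = filter_var($iid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return [];
    }

    // Keep the original "0 means all itineraries" behaviour with a fixed query.
    if ($id === 0) {
        return $db->query('SELECT * FROM Itinerary')->fetchAll(PDO::FETCH_ASSOC);
    }

    // The value is bound as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM Itinerary WHERE IID = :iid');
    $stmt->bindValue(':iid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed table and rows so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Itinerary (IID INTEGER PRIMARY KEY, traveler TEXT)');
$db->exec("INSERT INTO Itinerary VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs as they might arrive in $_REQUEST["IID"]:
// a valid id, the "all rows" value, a quote-bearing string, and an array.
foreach (['1', '0', "1' OR '1'='1", ['x']] as $input) {
    $rows = getItinerarySafe($db, $input);
    printf("%-18s -> %d row(s)\n", json_encode($input), count($rows));
}
```

The validation step alone is not the fix; the bound parameter is what keeps request data out of the query text, and the integer check only rejects malformed input early.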
