SQLi: Netbeans Sample Project “AirAlliance”

July 8, 2009

Today I got a notice that NetBeans 6.8 will have support for the Symfony PHP Framework. Because I really like working with that framework and have never worked with NetBeans (I use Eclipse instead), I thought I should give it a try. First I downloaded, installed and opened the development version. After that I opened the “AirAlliance” sample project (it’s not a Symfony project).

But what I saw was not what I’d expected:

web/confirmreservation.php Line 33-48:
$itineraryData = getItinerary($IID); // $IID arrives from the request; the post quotes only this call

web/itinerarymanager.php Line 329-341:
function getItinerary($IID){
 $connection = initDB();
 if($IID == 0){
  $query = "SELECT * FROM Itinerary";
 }else{
  // $IID is concatenated straight into the SQL text: this is the injection point
  $query = "SELECT * FROM Itinerary WHERE IID='".$IID."'";
 }
 $result = mysql_query($query);
 // (rest of the function not quoted)
}

OK, it’s just a sample project.
But how are you supposed to learn good practice from bad code if nobody tells you that it is bad?
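As an added example (not part of the original post or of the AirAlliance project), here is the concatenation pattern from getItinerary() next to a hardened version that validates the id as an integer and binds it through a PDO prepared statement. It runs against an in-memory SQLite table via PDO so it works without a MySQL server; the table layout, the sample rows and the request value are constructed for the demonstration, while the PDO and filter_var calls are the standard PHP API.

```php
<?php
// Added example, not AirAlliance code. Assumes PHP 7+ with the pdo_sqlite extension.
// The Itinerary table, its rows and the request value below are constructed for this demo.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Itinerary (IID INTEGER PRIMARY KEY, Name TEXT)');
    $db->exec("INSERT INTO Itinerary VALUES (1, 'Berlin'), (2, 'Tokyo'), (3, 'Lima')");
    return $db;
}

// Vulnerable: same structure as the sample project. The value is glued into the
// SQL text, so the database parses whatever the caller supplied as part of the query.
function getItineraryUnsafe(PDO $db, $IID): array {
    if ($IID == 0) {
        $query = "SELECT * FROM Itinerary";
    } else {
        $query = "SELECT * FROM Itinerary WHERE IID='" . $IID . "'";
    }
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the id must be an integer (anything else is rejected before any SQL
// is built) and it is sent as a bound parameter, never as SQL text.
function getItinerarySafe(PDO $db, $IID): array {
    $id = filter_var($IID, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('IID must be an integer');
    }
    if ($id === 0) {
        return $db->query('SELECT * FROM Itinerary')->fetchAll(PDO::FETCH_ASSOC);
    }
    $stmt = $db->prepare('SELECT * FROM Itinerary WHERE IID = :iid');
    $stmt->bindValue(':iid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$input = "1' OR '1'='1";   // constructed request value containing a quote character

$rows = getItineraryUnsafe($db, $input);
echo "unsafe: query returned " . count($rows) . " of 3 rows\n";

try {
    getItinerarySafe($db, $input);
} catch (InvalidArgumentException $e) {
    echo "safe: input rejected (" . $e->getMessage() . ")\n";
}
echo "safe, id 2: query returned " . count(getItinerarySafe($db, '2')) . " row(s)\n";
```

Run it with `php example.php`. In the unsafe function the quote in the input closes the string literal early and the rest of the input becomes part of the WHERE clause, so the filter no longer restricts the result; in the hardened function the same input never reaches the database because it fails integer validation, and a valid id is matched by value only. The loose `$IID == 0` test in the original is a second trap on PHP versions before 8: a string with no leading digits compares equal to 0 there, so such input silently lands in the unfiltered `SELECT * FROM Itinerary` branch. The hardened version compares the validated integer with `===` to avoid that.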

I’m not sure whether this says anything about the IDE itself, but I think I will continue my work with Eclipse…


