From fb666a829987ec6ccb3781101264bdec202b743d Mon Sep 17 00:00:00 2001
From: studentmsc2018 <45600306+studentmsc2018@users.noreply.github.com>
Date: Tue, 4 Dec 2018 17:32:40 +0200
Subject: [PATCH] Update get_data.php to avoid SQL injection, a common method is to escape user input. it is not enough to create a prepared statement.
---
 php/get_data.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/php/get_data.php b/php/get_data.php
index 98f8c74..f27b0c0 100644
--- a/php/get_data.php
+++ b/php/get_data.php
@@ -16,7 +16,7 @@ $stmt = mysqli_prepare($connect, $sql);
 mysqli_stmt_bind_param($stmt, 'i', $num);
-$num = $_GET["num"];
+$num = mysql_real_escape_string($_GET["num"]);
 //Don't need to insert id since it's an PRI_KEY A_I
@@ -36,4 +36,4 @@ mysqli_stmt_close($stmt);
 mysqli_close($connect);
-?>
\ No newline at end of file
+?>
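Review bot: The new assignment `$num = mysql_real_escape_string($_GET["num"]);` calls a function from the old mysql extension, which was removed in PHP 7.0, while the surrounding code uses mysqli; on a current PHP this line is a fatal error, and on older versions there is no mysql link visible for it to use, so it would likely yield `false`. The value is already bound as an integer by `mysqli_stmt_bind_param($stmt, 'i', $num)` in the context line above, so it travels separately from the SQL text and escaping adds no protection here. I would drop the escape call and validate the input instead, e.g. `$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT);` followed by `if ($num === false || $num === null) { http_response_code(400); exit; }`. The statement's execution is outside this hunk, so the check should sit before it.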