Solution Issue #9 #24
Pasquale007 started this conversation in Show and tell
Replies: 0 comments
Hey man. I tried to contact you regarding Issue #9 (Issue #23). I've got a solution for that. Maybe you can take a look:
To fix the SQL injection, just make sure the user isn't able to insert symbols that can destroy your query ( -, ', ... ). So one possibility is to remove every forbidden symbol. I've done this with the following two lines:
```php
// Strip the two characters the post treats as dangerous from the id parameter
$id = str_replace("-", "", $id);
$id = str_replace("'", "", $id);
```
Write these two lines directly under $id=$_GET["id"]; in every file that has it (/patient/doctors.php, /patient/booking.php, /patient/settings.php) and you should be fine.
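The filter proposed in the post removes only two characters, and an injection payload that uses neither of them passes through it unchanged. The following is an added example, not code from the post or from the project: it runs the same character filter against a constructed SQLite database, shows it being bypassed, and shows the parameterized query that actually closes the hole. Python and sqlite3 stand in for the project's PHP and MySQL; the patient table, its columns, the sample rows and the lookup functions are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the project's real
    schema (which this example does not know): a patient table with a
    column an attacker would like to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO patient VALUES (?, ?, ?)",
        [(1, "Alice", "alice-record"),
         (2, "Bob", "bob-record"),
         (3, "Carol", "carol-record")],
    )
    return conn


def strip_forbidden(raw_id):
    """The filter from the post above: remove '-' and "'" from the input."""
    return raw_id.replace("-", "").replace("'", "")


def lookup_filtered(conn, raw_id):
    """Query built by string concatenation, guarded only by strip_forbidden().
    This is the pattern the post proposes; it is still injectable because
    the input is parsed as SQL."""
    sql = "SELECT name FROM patient WHERE id=" + strip_forbidden(raw_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, raw_id):
    """Parameterized query: the input is bound as a value and never parsed
    as SQL, so no character it contains can change the statement."""
    rows = conn.execute("SELECT name FROM patient WHERE id=?", (raw_id,))
    return [row[0] for row in rows]


def lookup_validated(conn, raw_id):
    """Allowlist validation plus binding: the id must be a decimal integer
    string. Returns None when the input is rejected, so a caller can answer
    with a 400 instead of silently querying with garbage."""
    if not re.fullmatch(r"[0-9]+", raw_id):
        return None
    return lookup_bound(conn, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    # Payload containing neither '-' nor "'": the filter passes it unchanged.
    payload = "0 UNION SELECT secret FROM patient"
    print("filtered :", lookup_filtered(db, payload))   # leaks every secret
    print("bound    :", lookup_bound(db, payload))      # no rows
    print("validated:", lookup_validated(db, payload))  # rejected (None)
    print("validated:", lookup_validated(db, "2"))      # ['Bob']
```

In PHP the equivalent of lookup_validated is to check the id with ctype_digit() or filter_var($id, FILTER_VALIDATE_INT) and then run a PDO or mysqli prepared statement with the id passed as a bound parameter; removing individual characters from the string does not change what the database parser does with the rest of it.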