Recently I receive a email, claiming that he can change my admin password by

Question

0

Asked: June 1, 20262026-06-01T20:04:55+00:00 2026-06-01T20:04:55+00:00

Recently I receive a email, claiming that he can change my admin password by

0

Recently I receive a email, claiming that he can change my admin password by sql injection.
Here is my code. It is developed using Yii php framework. Can anyone see the flaws?

    public function actionLogin()
{

    $model=new LoginForm;

    // if it is ajax validation request
    if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
    {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    // collect user input data
    if(isset($_POST['LoginForm']))
    {
        $model->attributes=$_POST['LoginForm'];
        // validate user input and redirect to the previous page if valid
        if($model->validate() && $model->login())
            $this->redirect(Yii::app()->user->returnUrl);
    }
    // display the login form
    $this->render('login',array('model'=>$model));
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T20:04:56+00:00

Editorial Team

2026-06-01T20:04:56+00:00Added an answer on June 1, 2026 at 8:04 pm

Every where you are creating sql queries, you must bind all external variable with sql variables, It will remove sql injection possibility.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Recently I receive a email, claiming that he can change my admin password by

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply