SAST TryHackMe
5 min read · Sep 15, 2023
Code Review
Are automated code reviews a substitute for manual reviewing? (yea/nay)
nay
What type of code review will run faster? (Manual/Automated)
Automated
What type of code review will be more thorough? (Manual/Automated)
Manual
Manual Code Review
Searching for Insecure Functions
Here we get three uses of db_query() in hidden-panel.php. Once again, we can analyse the context of each call, starting with the call on line 7:
// user-controlled $_GET['guest_id'] is concatenated straight into the query string
$sql = "SELECT id, firstname, lastname FROM MyGuests WHERE id=".$_GET['guest_id'];
// the tainted string then reaches the db_query() sink with no parameterisation or validation
$result = db_query($conn, $sql);
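The manual step above (find every call to an insecure function, then trace whether its arguments come from user input) is exactly what a simple SAST pass automates. The script below is an added example written for this write-up, not code from the TryHackMe room or from hidden-panel.php: it scans a constructed PHP fragment that imitates the vulnerable pattern, records every `$var = ...;` assignment, and for each `db_query()` call follows the argument variables back through their definitions until it reaches a superglobal such as `$_GET`. The sink list, source list, sample PHP and helper names are all assumptions made for the example.

```python
"""Minimal taint-tracking scan for SQL sinks in PHP source (added example, not the lab's tooling)."""
import re
from dataclasses import dataclass

# Constructed PHP fragment that imitates the hidden-panel.php pattern; not the lab's real file.
SAMPLE_PHP = """<?php
require 'db.php';
$conn = db_connect();
$sql = "SELECT id, firstname, lastname FROM MyGuests WHERE id=".$_GET['guest_id'];
$result = db_query($conn, $sql);
$name = $_POST['name'];
$sql2 = "SELECT * FROM MyGuests WHERE lastname='$name'";
$result2 = db_query($conn, $sql2);
$stmt = $conn->prepare("SELECT id FROM MyGuests WHERE id = ?");
$stmt->bind_param("i", $_GET['guest_id']);
$result3 = db_query($conn, "SELECT COUNT(*) FROM MyGuests");
"""

# Assumed sink and source lists; a real scan would load these from a rule set.
SINKS = ("db_query", "mysqli_query", "mysql_query", "pg_query")
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "$_SERVER")

ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")   # one `$var = expr;` per line
VAR_RE = re.compile(r"\$\w+")                             # any PHP variable reference
CALL_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\((.*)\)")


@dataclass
class Finding:
    line: int      # line of the sink call
    sink: str      # which insecure function was called
    reason: str    # taint path, e.g. "$sql <- $_GET"


def _definition_before(defs, var, line):
    """Most recent `(line, expr)` assigning `var` strictly before `line`, or None."""
    found = None
    for dline, dvar, dexpr in defs:
        if dline >= line:
            break
        if dvar == var:
            found = (dline, dexpr)
    return found


def _taint_path(expr, defs, line):
    """Describe how `expr` (evaluated at `line`) reaches a user-controlled source, or None."""
    for source in SOURCES:
        if source in expr:          # direct use of a superglobal, incl. inside "...$var..." strings
            return source
    for var in VAR_RE.findall(expr):
        definition = _definition_before(defs, var, line)
        if definition is None:
            continue                # parameter, global or unknown: treated as clean here
        dline, dexpr = definition
        path = _taint_path(dexpr, defs, dline)   # lines strictly decrease, so this terminates
        if path:
            return f"{var} <- {path}"
    return None


def scan_php(src):
    """Return a Finding for every sink call whose arguments are reachable from a source."""
    lines = src.splitlines()
    defs = []
    for n, text in enumerate(lines, 1):
        m = ASSIGN_RE.match(text)
        if m:
            defs.append((n, m.group(1), m.group(2)))
    findings = []
    for n, text in enumerate(lines, 1):
        m = CALL_RE.search(text)
        if not m:
            continue
        sink, args = m.group(1), m.group(2)
        path = _taint_path(args, defs, n)
        if path:
            findings.append(Finding(n, sink, path))
    return findings


if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        print(f"line {f.line}: {f.sink}() receives tainted input via {f.reason}")
```

On the constructed sample the scan reports the concatenated `$_GET` query on line 5 and, via the interpolated `$name` variable, the `$_POST` query on line 8; the prepared statement and the constant-string query are not reported because no source reaches their `db_query()` arguments. The scan is deliberately regex-based and line-oriented (no control flow, one assignment per line, no sanitiser awareness), which is why automated review is fast but not a substitute for reading the code: it cannot tell whether a value was validated between its definition and the sink, so each finding still needs the manual context check the write-up performs.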