Escape $_POST vars with mysql_real_escape_string() to prevent SQL injection attacks.
This commit is contained in:
Stefan Pflüger
2005-01-02 17:00:04 +00:00
committed by WineHQ
parent 72150edc80
commit ae3b27acf6


@@ -17,10 +17,14 @@ $categoryId = "any"; /* default to all categories */
/* process the post variables to override the default settings */ /* process the post variables to override the default settings */
if($_POST) if($_POST)
{ {
if(isset($_POST['topNumber'])) $topNumber = $_POST['topNumber']; if(isset($_POST['topNumber'])) $topNumber = (int)mysql_real_escape_string($_POST['topNumber']);
if(isset($_POST['categoryId'])) $categoryId = $_POST['categoryId']; if(isset($_POST['categoryId'])) $categoryId = mysql_real_escape_string($_POST['categoryId']);
} }
/* Check if the value makes sense */
if(!is_integer($topNumber) || $topNumber > 200 || $topNumber < 1)
$topNumber = 25;
apidb_header("Vote Stats - Top $topNumber Applications"); apidb_header("Vote Stats - Top $topNumber Applications");
/* display the selection for the top number of apps to view */ /* display the selection for the top number of apps to view */