Use query_parameters() in SQL select, update and delete statements to protect against

sql injection attacks
2006-06-27 19:16:27 +00:00
parent e6458694f4
commit e3f9e5371a
46 changed files with 602 additions and 484 deletions
--- a/admin/adminAppDataQueue.php
+++ b/admin/adminAppDataQueue.php
@@ -178,7 +178,7 @@ if (!$aClean['id'])
                $statusMessage = "<p>The application data was successfully added into the database</p>\n";

                //delete the item from the queue
-                query_appdb("DELETE from appData where id = ".$obj_row->id.";");
+                query_parameters("DELETE from appData where id = '?'", $obj_row->id);
        
                //Send Status Email
                $oUser = new User($obj_row->userId);