Use query_parameters() in SQL select, update and delete statements to protect against

SQL injection attacks
Chris Morgan
2006-06-27 19:16:27 +00:00
committed by WineHQ
parent e6458694f4
commit e3f9e5371a
46 changed files with 602 additions and 484 deletions


@@ -33,8 +33,8 @@ if ($aClean['sub'])
$sQuery = "SELECT queueId, appId, versionId,".
"userId, maintainReason, superMaintainer,".
"UNIX_TIMESTAMP(submitTime) as submitTime ".
"FROM appMaintainerQueue WHERE queueId = ".$aClean['queueId'].";";
$hResult = query_appdb($sQuery);
"FROM appMaintainerQueue WHERE queueId = '?'";
$hResult = query_parameters($sQuery, $aClean['queueId']);
$oRow = mysql_fetch_object($hResult);
$oUser = new User($oRow->userId);
mysql_free_result($hResult);
@@ -209,8 +209,9 @@ if ($aClean['sub'])
}
//delete main item
$sQuery = "DELETE from appMaintainerQueue where queueId = ".$aClean['queueId'].";";
$hResult = query_appdb($sQuery,"unable to delete selected maintainer application");
$sQuery = "DELETE from appMaintainerQueue where queueId = '?'";
$hResult = query_parameters($sQuery, $aClean['queueId']);
if(!$hResult) addmsg("unable to delete selected maintainer application", "red");
echo html_frame_start("Delete maintainer application",400,"",0);
if($hResult)
{
@@ -237,7 +238,7 @@ if ($aClean['sub'])
"superMaintainer,".
"submitTime as submitTime ".
"from appMaintainerQueue;";
$hResult = query_appdb($sQuery);
$hResult = query_parameters($sQuery);
if(!$hResult || !mysql_num_rows($hResult))
{