Use query_parameters() in SQL select, update and delete statements to protect against

SQL injection attacks
Chris Morgan
2006-06-27 19:16:27 +00:00
committed by WineHQ
parent e6458694f4
commit e3f9e5371a
46 changed files with 602 additions and 484 deletions


@@ -28,8 +28,8 @@ if ($aClean['sub'])
{
if($aClean['sub'] == 'delete')
{
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = ".$aClean['maintainerId'].";";
$hResult = query_appdb($sQuery);
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = '?'";
$hResult = query_parameters($sQuery, $aClean['maintainerId']);
echo html_frame_start("Delete maintainer: ".$aClean['maintainerId'],400,"",0);
if($hResult)
{
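Review bot: The placeholder on the new DELETE line is written inside quotes, `maintainerId = '?'`, which is only correct if query_parameters() substitutes `?` textually after escaping the argument; with a driver-level prepared statement a quoted `?` is a plain string literal and the maintainerId argument would never be bound, so confirm which semantics query_parameters() implements (its definition is not in this hunk). Since maintainerId appears to be a numeric key, casting before the call gives a stricter guard that does not depend on escaping at all, `$hResult = query_parameters($sQuery, (int)$aClean['maintainerId']);`, provided the column really is an integer. The same value is still concatenated unescaped into the html_frame_start() title on the line after the query; whether $aClean already HTML-escapes its members is not visible here, so that output path deserves the same review. The enclosing if($aClean['sub'] == 'delete') block continues past the end of the hunk.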
@@ -44,7 +44,7 @@ if ($aClean['sub'])
// get available maintainers
$sQuery = "SELECT * FROM appMaintainers, user_list where appMaintainers.userId = user_list.userid";
$sQuery.= " ORDER BY realname;";
$hResult = query_appdb($sQuery);
$hResult = query_parameters($sQuery);
if(!$hResult || !mysql_num_rows($hResult))
{