Use query_parameters() in SQL select, update and delete statements to protect against

SQL injection attacks
This commit is contained in:
Chris Morgan
2006-06-27 19:16:27 +00:00
committed by WineHQ
parent e6458694f4
commit e3f9e5371a
46 changed files with 602 additions and 484 deletions


@@ -55,7 +55,7 @@ if(!empty($aClean['action']))
// although this cheaper select leaves out all applications that lack versions
$sQuery = "select appName, appFamily.appId, versionName, versionId from appFamily left join appVersion ";
$sQuery.= "on appVersion.appId = appFamily.appId ORDER BY appFamily.appName, appFamily.appId, appVersion.versionName;";
$hResult = query_appdb($sQuery);
$hResult = query_parameters($sQuery);
$currentAppId = 0;
while($oRow = mysql_fetch_object($hResult))
{
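Review bot: The statement handed to query_parameters() here is a fixed string with no placeholders and no interpolated values (the two assignments to $sQuery just above the changed line), so swapping query_appdb() for query_parameters() does not change this call site's injection exposure on its own; the protection the commit title describes comes from the call sites that actually bind user-supplied values. That is fine as a consistency change, but a short comment would stop a later reader from assuming this query was previously vulnerable, e.g. `// static query, no bound values: query_parameters() used for consistency with the other call sites`. I cannot see query_parameters() itself from this hunk, so whether it requires at least one bound value or treats a literal '?' specially is something to confirm against its definition before relying on it for parameter-less queries. The enclosing if-block begins before the hunk and the while loop on the last two lines continues past it.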