Protect against sql injection attacks in sql INSERT statements

Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions


@@ -168,10 +168,12 @@ if (!$aClean['id'])
$oScreenshot->unQueue();
}
elseif ($obj_row->type == "url")
{ // FIXME: use Link class
$query = "INSERT INTO appData VALUES (null, ".$obj_row->versionId.", 'url', ".
"'".$aClean['description']."', '".$obj_row->url."')";
if (query_appdb($sQuery))
{
$hResult = query_parameters("INSERT INTO appData (id, appId, versionId, type, ".
"description, url) VALUES (?, '?', '?', '?', '?', '?')",
"null", $obj_row->appId, $obj_row->versionId,
"url", $aClean['description'], $obj_row->url);
if($hResult)
{
$statusMessage = "<p>The application data was successfully added into the database</p>\n";