Protect against SQL injection attacks in SQL INSERT statements

This commit is contained in:
Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions


@@ -76,20 +76,20 @@ class Category {
*/
function create($sName=null, $sDescription=null, $iParentId=null)
{
$aInsert = compile_insert_string(array( 'catName'=> $sName,
'catDescription' => $sDescription,
'catParent' => $iParentId ));
$sFields = "({$aInsert['FIELDS']})";
$sValues = "({$aInsert['VALUES']})";
if(query_appdb("INSERT INTO appCategory $sFields VALUES $sValues", "Error while creating a new vendor."))
$hResult = query_parameters("INSERT INTO appCategory (catName, catDescription, catParent) ".
"VALUES('?', '?', '?')",
$sName, $sDescription, $iParentId);
if($hResult)
{
$this->iCatId = mysql_insert_id();
$this->category($this->iCatId);
return true;
}
else
{
addmsg("Error while creating a new vendor.", "red");
return false;
}
}
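Review bot: The new `query_parameters` call writes its placeholders as quoted `'?'` literals, and whether that yields a bound value or the literal string `?` depends entirely on how `query_parameters` substitutes them, which is not visible in this hunk. If the helper escapes and interpolates text rather than binding server-side, the quoting should live in the helper, not at every call site, and a `null` `$iParentId` (the parameter default) may presumably land as `''` rather than SQL `NULL` — worth confirming against the helper before relying on it. Once confirmed, a one-line comment on the call such as `// query_parameters escapes each argument and substitutes the quoted '?' placeholders textually — verified` would record the contract for the other 19 files this commit touches. Separately, the failure message on the `addmsg` line still reads "vendor" inside a Category insert; `addmsg("Error while creating a new category.", "red");` fixes the copy-paste.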