claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Protect against sql injection attacks in sql INSERT statements

Browse Source
This commit is contained in:
Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
include/distributions.php
View File

@@ -96,14 +96,11 @@ class distribution{
else
$this->sQueued = 'false';
$aInsert = compile_insert_string(array( 'name' => $this->sName,
'url' => $this->sUrl,
'submitterId' => $_SESSION['current']->iUserId,
'queued' => $this->sQueued ));
$sFields = "({$aInsert['FIELDS']})";
$sValues = "({$aInsert['VALUES']})";
if(query_appdb("INSERT INTO distributions $sFields VALUES $sValues", "Error while creating Distribution."))
$hResult = query_parameters("INSERT INTO distributions (name, url, submitterId, queued) ".
"VALUES ('?', '?', '?', '?')",
$this->sName, $this->sUrl, $_SESSION['current']->iUserId,
$this->sQueued);
if($hResult)
{
$this->iDistributionId = mysql_insert_id();
$this->distribution($this->iDistributionId);
@@ -111,7 +108,10 @@ class distribution{
return true;
}
else
{
addmsg("Error while creating Distribution.", "red");
return false;
}
}
// Update Distribution.