claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Protect against sql injection attacks in sql INSERT statements

Browse Source
This commit is contained in:
Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
include/note.php
View File

@@ -49,14 +49,11 @@ class Note {
*/
function create($sTitle, $sDescription, $iVersionId)
{
$aInsert = compile_insert_string(array( 'versionId' => $iVersionId,
'noteTitle' => $sTitle,
'noteDesc' => $sDescription ));
$hResult = query_parameters("INSERT INTO appNotes (versionId, noteTitle, noteDesc) ".
"VALUES('?', '?', '?')",
$iVersionId, $sTitle, $sDescription);
$sFields = "({$aInsert['FIELDS']})";
$sValues = "({$aInsert['VALUES']})";
if(query_appdb("INSERT INTO appNotes $sFields VALUES $sValues", "Error while creating a new note."))
if($hResult)
{
$this->note(mysql_insert_id());
$sWhatChanged = "Description is:\n".$sDescription.".\n\n";
@@ -64,7 +61,10 @@ class Note {
return true;
}
else
{
addmsg("Error while creating a new note.", "red");
return false;
}
}