Protect against sql injection attacks in sql INSERT statements

Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions


@@ -70,15 +70,11 @@ class Screenshot {
$this->bQueued = false;
}
$aInsert = compile_insert_string(array( 'versionId' => $iVersionId,
'type' => "image",
'description' => $sDescription,
'queued' => $this->bQueued?"true":"false",
'submitterId' => $_SESSION['current']->iUserId ));
$sFields = "({$aInsert['FIELDS']})";
$sValues = "({$aInsert['VALUES']})";
if(query_appdb("INSERT INTO appData $sFields VALUES $sValues", "Error while creating a new screenshot."))
$hResult = query_parameters("INSERT INTO appData (versionId, type, description, queued, submitterId) ".
"VALUES('?', '?', '?', '?', '?')",
$iVersionId, "image", $sDescription, $this->bQueued?"true":"false",
$_SESSION['current']->iUserId);
if($hResult)
{
$this->iScreenshotId = mysql_insert_id();
@@ -120,7 +116,10 @@ class Screenshot {
return true;
}
else
{
addmsg("Error while creating a new screenshot.", "red");
return false;
}
}
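Review bot: The quoted placeholders in `VALUES('?', '?', '?', '?', '?')` make this INSERT only as safe as query_parameters() itself, whose body is not visible in this section. Presumably it escapes each argument before substituting it, but that is string escaping rather than server-side binding, so it should be confirmed that a literal `?` inside `$sDescription` cannot be treated as a further placeholder. The two numeric arguments would be safer cast at the call site, e.g. `(int)$iVersionId` and `(int)$_SESSION['current']->iUserId`, so they never depend on escaping. A short comment above the call, such as `// all values go through query_parameters(); never interpolate variables into the SQL text`, would document the rule for later edits. The enclosing method begins before the first hunk and continues between the two hunks.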