Protect against sql injection attacks in sql INSERT statements

Chris Morgan
2006-06-24 04:20:32 +00:00
committed by WineHQ
parent c31173ef9e
commit fb0f3b5dd3
20 changed files with 208 additions and 180 deletions


@@ -182,17 +182,14 @@ class Version {
else
$this->sQueued = 'false';
$aInsert = compile_insert_string(array( 'versionName' => $this->sName,
'description' => $this->sDescription,
'maintainer_release'=> $this->sTestedRelease,
'maintainer_rating' => $this->sTestedRating,
'appId' => $this->iAppId,
'submitterId' => $_SESSION['current']->iUserId,
'queued' => $this->sQueued ));
$sFields = "({$aInsert['FIELDS']})";
$sValues = "({$aInsert['VALUES']})";
$hResult = query_parameters("INSERT INTO appVersion (versionName, description, maintainer_release,".
"maintainer_rating, appId, submitterId, queued) VALUES ".
"('?', '?', '?', '?', '?', '?', '?')",
$this->sName, $this->sDescription, $this->sTestedRelease,
$this->sTestedRating, $this->iAppId, $_SESSION['current']->iUserId,
$this->sQueued);
if(query_appdb("INSERT INTO appVersion $sFields VALUES $sValues", "Error while creating a new version."))
if($hResult)
{
$this->iVersionId = mysql_insert_id();
$this->Version($this->iVersionId);
@@ -201,6 +198,7 @@ class Version {
}
else
{
addmsg("Error while creating a new version", "red");
return false;
}
}
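Review bot: The new `query_parameters("INSERT INTO appVersion ...")` call writes its placeholders as hand-quoted `'?'` inside the SQL string, so nothing is bound by the driver and the injection protection rests entirely on that helper escaping every argument. The helper is not visible in this hunk, so it is worth confirming that it escapes with a connection-aware function such as `mysql_real_escape_string()`, and that a `?` inside an already substituted value cannot be treated as a further placeholder. The numeric columns `appId` and `submitterId` also go through quoted string placeholders; casting at the call site, e.g. `(int)$this->iAppId`, would keep them numeric whatever the helper does. A short comment above the call, such as `// all values are escaped by query_parameters(); never interpolate variables into the SQL text`, would record the contract for later edits. The enclosing method starts and ends outside the hunk.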