- Applied a patch from Loui to fix session removal.

- Replaced all occurrences of mysql_escape_string()
  with mysql_real_escape_string().
swiergot 2007-09-20 15:33:04 +00:00
parent 9ab02ad6a7
commit 0b92839bee
8 changed files with 71 additions and 71 deletions


@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$_REQUEST["pass"] = md5($_REQUEST["pass"]);
$dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
$q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'";
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Error looking up username, %s.",
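Review bot: The two new `mysql_real_escape_string()` calls omit the link identifier, so the escaping follows whichever connection was opened last rather than `$dbh`, the connection the query is actually sent on. The advantage over `mysql_escape_string()` is that escaping respects the connection's character set, so pass the handle explicitly: `mysql_real_escape_string($_REQUEST["user"], $dbh)` and likewise for `"pass"`. It works here because `db_connect()` runs two lines earlier; at the other call sites touched by this commit (not visible here) it is worth confirming a connection exists before the call, since without one the function may emit a warning and return `false`, leaving an empty value in the query. Separately, the unsalted `md5()` of the password on the context line above is a weak credential format that this change leaves in place. The enclosing `if` block starts and ends outside the hunk.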