mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
SQL: treat all UID/ID values as numbers, not strings
Ensure we are not quoting these values in any of our SQL queries. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Dan McGee
Lukas Fleischer
parent
fcda6671f3
commit
3609cf140e
4 changed files with 15 additions and 15 deletions
|
|
@ -325,7 +325,7 @@ if ($uid):
|
|||
}
|
||||
|
||||
# Update package data
|
||||
$q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = '%d' WHERE ID = %d",
|
||||
$q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d",
|
||||
mysql_real_escape_string($new_pkgbuild['pkgname']),
|
||||
mysql_real_escape_string($new_pkgbuild['pkgver']),
|
||||
mysql_real_escape_string($new_pkgbuild['pkgrel']),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue