summaryrefslogtreecommitdiffstats
path: root/web/html/index.php
diff options
context:
space:
mode:
authorswiergot <swiergot>2007-08-16 00:25:04 +0000
committerswiergot <swiergot>2007-08-16 00:25:04 +0000
commit14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca (patch)
tree6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/html/index.php
parentfe84915465ac941356f50cc07925e3fd42615955 (diff)
downloadaurweb-14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca.tar.xz
- Applied a patch from Loui to fix session removal.
- Replaced all occurences of mysql_escape_string() with mysql_real_escape_string().
Diffstat (limited to 'web/html/index.php')
-rw-r--r--web/html/index.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 56c52a2..3915483 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$_REQUEST["pass"] = md5($_REQUEST["pass"]);
$dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
- $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
- $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+ $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' ";
+ $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'";
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Error looking up username, %s.",