diff options
author | swiergot <swiergot> | 2007-09-20 15:33:04 +0000 |
---|---|---|
committer | swiergot <swiergot> | 2007-09-20 15:33:04 +0000 |
commit | 0b92839bee80fc2ba6ea67be1e48d176c0d242bc (patch) | |
tree | 6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/html/pkgedit.php | |
parent | 9ab02ad6a752e993bad3fe991a6a16a26d7cfcdd (diff) | |
download | aurweb-0b92839bee80fc2ba6ea67be1e48d176c0d242bc.tar.xz |
- Applied a patch from Loui to fix session removal.
- Replaced all occurences of mysql_escape_string()
with mysql_real_escape_string().
Diffstat (limited to 'web/html/pkgedit.php')
-rw-r--r-- | web/html/pkgedit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/html/pkgedit.php b/web/html/pkgedit.php index bb19144..36befbb 100644 --- a/web/html/pkgedit.php +++ b/web/html/pkgedit.php @@ -73,7 +73,7 @@ if ($_REQUEST["add_Comment"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= intval($_REQUEST["ID"]).", ".uid_from_sid($_COOKIE["AURSID"]) . ", "; - $q.= "'".mysql_escape_string($_REQUEST["comment"])."', "; + $q.= "'".mysql_real_escape_string($_REQUEST["comment"])."', "; $q.= "UNIX_TIMESTAMP())"; db_query($q, $dbh); print __("Comment has been added.")."<br /> <br />\n"; |