From 14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca Mon Sep 17 00:00:00 2001 From: swiergot Date: Thu, 16 Aug 2007 00:25:04 +0000 Subject: - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). --- web/html/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'web/html/index.php') diff --git a/web/html/index.php b/web/html/index.php index 56c52a2..3915483 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $_REQUEST["pass"] = md5($_REQUEST["pass"]); $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", -- cgit v1.2.3-70-g09d2