- no more protection against SQL injection in sanitizeString() (it is done when the SQL statements are put together)
steinm 2011-12-02 09:13:07 +00:00
parent b4d4317e89
commit d9cedd79fc


@ -54,9 +54,12 @@ function sanitizeString($string) { /* {{{ */
$string = stripslashes($string);
}
$string = str_replace("\\", "\\\\", $string);
$string = str_replace("--", "\-\-", $string);
$string = str_replace(";", "\;", $string);
// The following three are against sql injection. They are not
// needed anymore because strings are quoted propperly when saved into
// the database.
// $string = str_replace("\\", "\\\\", $string);
// $string = str_replace("--", "\-\-", $string);
// $string = str_replace(";", "\;", $string);
// Use HTML entities to represent the other characters that have special
// meaning in SQL. These can be easily converted back to ASCII / UTF-8
// with a decode function if need be.