- no more protection against SQL injection in sanitizeString() (it is now done when the SQL statements are put together)
This commit is contained in:
steinm 2011-12-02 09:13:07 +00:00
parent b4d4317e89
commit d9cedd79fc


@ -54,9 +54,12 @@ function sanitizeString($string) { /* {{{ */
$string = stripslashes($string); $string = stripslashes($string);
} }
$string = str_replace("\\", "\\\\", $string); // The following three are against sql injection. They are not
$string = str_replace("--", "\-\-", $string); // needed anymore because strings are quoted propperly when saved into
$string = str_replace(";", "\;", $string); // the database.
// $string = str_replace("\\", "\\\\", $string);
// $string = str_replace("--", "\-\-", $string);
// $string = str_replace(";", "\;", $string);
// Use HTML entities to represent the other characters that have special // Use HTML entities to represent the other characters that have special
// meaning in SQL. These can be easily converted back to ASCII / UTF-8 // meaning in SQL. These can be easily converted back to ASCII / UTF-8
// with a decode function if need be. // with a decode function if need be.