From 09ff3be3726853ebed2d2557e1b5874507d337cb Mon Sep 17 00:00:00 2001
From: Carsten Schmitz
Date: Fri, 26 Jun 2015 08:20:43 +0200
Subject: [PATCH] Fixed issue #9720: SQL injection vulnerability in data entry
---
 application/controllers/admin/dataentry.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/controllers/admin/dataentry.php b/application/controllers/admin/dataentry.php
index 8c1f70d062a..b28441deddb 100644
--- a/application/controllers/admin/dataentry.php
+++ b/application/controllers/admin/dataentry.php
@@ -1716,7 +1716,7 @@ public function insert()
 {
 if (isset($usesleft) && $usesleft<=1)
 {
- $utquery .= "SET usesleft=usesleft-1, completed='$submitdate'\n";
+ $utquery .= "SET usesleft=usesleft-1, completed=".dbQuoteAll($submitdate);
 }
 else
 {
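Review bot: The rewritten `completed=` assignment still builds the UPDATE by string concatenation, so its safety rests entirely on `dbQuoteAll()` escaping correctly for the active database driver. Since `$submitdate` is meant to hold a timestamp, it would be more robust to validate it against the expected date format before it reaches this line, or to bind it as a query parameter. The new line also drops the trailing `\n` that the old fragment carried, so whatever is appended to `$utquery` next (outside this hunk, presumably a WHERE clause) now follows the closing quote with no separator; `completed=".dbQuoteAll($submitdate)."\n";` keeps the original spacing. The `else` branch and the rest of `insert()` lie outside the hunk, so any other request-derived values interpolated into this query should be checked the same way.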