diff --git a/index.php b/index.php
index 6281d9a0caf..fabcf762d28 100644
--- a/index.php
+++ b/index.php
@@ -450,7 +450,7 @@ function loadanswers()
function getTokenData($surveyid, $token)
{
global $dbprefix, $connect;
- $query = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='$token'";
+ $query = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."'";
$result = db_execute_assoc($query) or die("Couldn't get token info in getTokenData()
".$query."
".htmlspecialchars($connect->ErrorMsg()));
while($row=$result->FetchRow())
{
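Review bot: The die() message right after the changed query still prints `$query` to the browser unescaped, and that string contains the caller-supplied token; only `$connect->ErrorMsg()` goes through htmlspecialchars(). db_quote() presumably escapes for SQL only, so on a failing query any markup in the token would be reflected into the page, together with the table name and full statement. Emit `htmlspecialchars($query)` instead, or preferably log the statement server-side and show a generic message. The same pattern appears in the submittokens() hunk (`$utquery`) and in the second buildsurveysession() hunk (`$tkquery`). getTokenData() continues past the end of this hunk.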
@@ -902,12 +902,12 @@ function submittokens()
{
$utquery .= "SET completed='Y'\n";
}
- $utquery .= "WHERE token='{$_POST['token']}'";
+ $utquery .= "WHERE token='".db_quote($_POST['token'])."'";
$utresult = $connect->Execute($utquery) or die ("Couldn't update tokens table!
\n$utquery
\n".htmlspecialchars($connect->ErrorMsg()));
// TLR change to put date into sent and completed
- $cnfquery = "SELECT * FROM ".db_table_name("tokens_$surveyid")." WHERE token='{$_POST['token']}' AND completed!='N' AND completed!=''";
+ $cnfquery = "SELECT * FROM ".db_table_name("tokens_$surveyid")." WHERE token='".db_quote($_POST['token'])."' AND completed!='N' AND completed!=''";
$cnfresult = db_execute_assoc($cnfquery);
while ($cnfrow = $cnfresult->FetchRow())
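Review bot: `$cnfresult` is dereferenced without a failure check: `db_execute_assoc($cnfquery)` is followed directly by `$cnfresult->FetchRow()`. The neighbouring calls guard with `or die(...)`, which suggests the helper can return a falsy value on error, in which case this line would be a fatal call on a non-object. A guard in the file's existing style would be `$cnfresult = db_execute_assoc($cnfquery) or die("Couldn't check token status");`, keeping the query text out of the message. `$tkresult = db_execute_num($tkquery);` in the first buildsurveysession() hunk has the same gap. submittokens() starts and ends outside this hunk.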
@@ -1110,7 +1110,7 @@ function buildsurveysession()
elseif ($tokensexist == 1 && returnglobal('token'))
{
//check if token actually does exist
- $tkquery = "SELECT COUNT(*) FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".trim(returnglobal('token'))."' AND (completed = 'N' or completed='')";
+ $tkquery = "SELECT COUNT(*) FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote(trim(returnglobal('token')))."' AND (completed = 'N' or completed='')";
$tkresult = db_execute_num($tkquery);
list($tkexist) = $tkresult->FetchRow();
if (!$tkexist)
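Review bot: `$surveyid` is still concatenated into the table name in `db_table_name('tokens_'.$surveyid)`, and quoting the token does nothing for that part of the statement. Whether `$surveyid` is validated before it reaches this point is not visible in the hunk. If it can originate from the request, force it to an integer first, for example `$surveyid = (int) $surveyid;`, because string escaping is not a safe way to build an identifier. This applies to every query touched in this commit. buildsurveysession() starts and ends outside this hunk.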
@@ -1146,7 +1146,7 @@ function buildsurveysession()
if (isset($_GET['token'])){
//get language from token (if one exists)
- $tkquery2 = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".trim(returnglobal('token'))."' AND (completed = 'N' or completed='')";
+ $tkquery2 = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote(trim(returnglobal('token')))."' AND (completed = 'N' or completed='')";
//echo $tkquery2;
$result = db_execute_assoc($tkquery2) or die ("Couldn't get tokens
$tkquery
".htmlspecialchars($connect->ErrorMsg()));
while ($rw = $result->FetchRow())
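Review bot: The die() message after the changed line interpolates `$tkquery`, but the statement actually executed is `$tkquery2`. On failure the message would show a different query, or raise an undefined-variable notice if the earlier `elseif` branch that assigns `$tkquery` was not taken (this cannot be confirmed from the hunk). The message should reference the executed statement and escape it, e.g. `htmlspecialchars($tkquery2)`, or drop the query from the output and log it instead. The enclosing `if (isset($_GET['token']))` block continues outside this hunk.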