Fixed|Web: Escape query parameter

[ci skip]
skyjake · Mar 26, 2017 · b79cb55 · b79cb55
1 parent 793a6c6
commit b79cb55
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/webapi/1/include/database.inc.php b/webapi/1/include/database.inc.php
@@ -70,6 +70,7 @@ function build_type_from_text($text)
 
 function db_get_platform($db, $platform)
 {
+    $platform = $db->real_escape_string($platform);
     $result = db_query($db, "SELECT * FROM ".DB_TABLE_PLATFORMS
         ." WHERE platform='$platform'");
     return $result->fetch_assoc();