
[38] Corrected query escaping of strings

Signed-off-by: DoesntMatter <jaed1@gmx.net>
DoesntMatter committed Jan 23, 2012
1 parent 9d54862 commit 809d9375ddadcca12e7c60bc47adde6bb8b1f2e9
Showing with 7 additions and 0 deletions.
  1. +7 −0 libs/SQL.pm
@@ -87,6 +87,13 @@ sub CreateSQL {
# $items[$i][5] Subject
# $items[$i][6] Body
if ($items[$i][5]) {
$items[$i][5] =~ s/'/\\'/; # Needed to escape string in query
}
if ($items[$i][6]) {
$items[$i][6] =~ s/'/\\'/; # Needed to escape string in query
}
print FILE "
INSERT IGNORE INTO `$table` VALUES ('$items[$i][1]', '$items[$i][2]', '$items[$i][3]', '$items[$i][4]', '$items[$i][5]', '$items[$i][6]');";
}
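Review bot: The added substitutions on `$items[$i][5]` and `$items[$i][6]` have no `/g` flag, so only the first single quote in Subject or Body is escaped and any later one still terminates the string literal in the generated INSERT. Backslashes already present in the data are also left alone, so a value ending in `\` or containing `\'` defeats the escaping; handling both in one pass, `$items[$i][5] =~ s/([\\'])/\\$1/g;` (and the same for index 6), closes that. Fields 1 to 4 and `$table` are interpolated into the same statement with no escaping at all, which looks unsafe if any of them can carry message-derived text. If a DBI handle is reachable here, `$dbh->quote()` would be more reliable than a hand-written regex, since backslash escaping depends on the server's SQL mode. CreateSQL begins and continues outside this hunk, so how the values are populated is not visible.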
