Fix SQL injection in comments
Dovgalyuk committed Aug 11, 2015
1 parent 5e51243 commit e3aa4d0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions site/procedures.php
Expand Up @@ -1811,6 +1811,7 @@ function sendComments($newsId, $text)
{
$newsId = intval($newsId);
$currentUserId = intval(getActiveUserID());
$text = mysqli_real_escape_string($link, $text);
if ($currentUserId != -1)
{
$query = mysqli_query($link, "INSERT INTO newsComments SET news = $newsId, user = $currentUserId, text = '$text', date = NOW()");
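Review bot: The escape added before the INSERT protects `$text` only while it stays inside the single quotes and the connection character set matches what `mysqli_real_escape_string()` assumes (normally set with `mysqli_set_charset()`, which is not visible here). Binding the value removes both conditions: `$stmt = mysqli_prepare($link, "INSERT INTO newsComments SET news = ?, user = ?, text = ?, date = NOW()");`, `mysqli_stmt_bind_param($stmt, 'iis', $newsId, $currentUserId, $text);`, `$query = mysqli_stmt_execute($stmt);`. `$link` is not declared in the visible lines of sendComments, so unless it is brought into scope somewhere not shown, both the escape call and the query receive an undefined variable. The function body continues past the hunk, and any later use of `$text` there would now see the escaped form rather than the submitted comment.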
