* htdocs/prospection/save_contact.php: fixed SQL injection, yet again
cyril-bouthors committed Apr 12, 2013
1 parent bfccab3 commit 165dfca
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions htdocs/prospection/save_contact.php
Expand Up @@ -39,14 +39,14 @@
$_SESSION['tmp_message'] = $_SESSION['message'];

$q = sprintf("INSERT INTO webfinance_personne (nom,prenom,email,tel,mobile,client,fonction,date_created,note) VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', now(),'%s')",
$_POST['nom'],
$_POST['prenom'],
$_POST['email'],
removeSpace($_POST['tel']),
removeSpace($_POST['mobile']),
$_POST['client'],
$_POST['fonction'],
$_POST['note'] );
mysql_real_escape_string($_POST['nom']),
mysql_real_escape_string($_POST['prenom']),
mysql_real_escape_string($_POST['email']),
mysql_real_escape_string(removeSpace($_POST['tel'])),
mysql_real_escape_string(removeSpace($_POST['mobile'])),
mysql_real_escape_string($_POST['client']),
mysql_real_escape_string($_POST['fonction']),
mysql_real_escape_string($_POST['note'] ));

mysql_query($q)
or die("QUERY ERROR: $q ".mysql_error());
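Review bot: Escaping each argument into a sprintf-built query (the eight new `mysql_real_escape_string(...)` calls) still leaves the statement and data interleaved, and the title's "yet again" shows this pattern has been re-patched before; a prepared statement with bound parameters removes the class of bug instead of fixing one instance. `mysql_real_escape_string` also only escapes correctly for the character set the connection was opened with, so it is only safe if the connection sets it through `mysql_set_charset()` (not `SET NAMES`), which this hunk cannot show, and the ext/mysql functions are deprecated in favour of PDO or mysqli. The `%d` placeholder already casts `$_POST['client']`, so escaping it is redundant, and an explicit `(int)` would state the intent; the surrounding `or die("QUERY ERROR: $q ".mysql_error())` also echoes the full query, including submitted values, back to the client on failure, which is worth replacing with a logged error and a generic message. The enclosing script continues before and after the hunk, so the connection handle is not visible; the sketch below uses a labelled placeholder for it.
```php
// … unchanged: session handling …
// NOTE(review): $db is a placeholder for the project's PDO handle; substitute the real connection.
$stmt = $db->prepare('INSERT INTO webfinance_personne (nom,prenom,email,tel,mobile,client,fonction,date_created,note) VALUES (?, ?, ?, ?, ?, ?, ?, now(), ?)');
$stmt->execute([
    $_POST['nom'],
    $_POST['prenom'],
    $_POST['email'],
    removeSpace($_POST['tel']),
    removeSpace($_POST['mobile']),
    (int) $_POST['client'],
    $_POST['fonction'],
    $_POST['note'],
]);
// … unchanged: redirect after insert …
```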

