* htdocs/admin/save_Contract_Signer_Role.php: fixed SQL injection
cyril-bouthors committed Sep 18, 2013
1 parent 6b0a803 commit abad81a
Showing 1 changed file with 2 additions and 2 deletions.
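--- a/htdocs/admin/save_Contract_Signer_Role.php
+++ b/htdocs/admin/save_Contract_Signer_Role.php
@@ -34,8 +34,8 @@
 $f = "(";
 $values = "VALUES(";
 foreach ($data as $n=>$v) {
-$f .= sprintf("%s,", $n);
-$values .= sprintf("'%s',", $v);
+$f .= sprintf("%s,", mysql_real_escape_string($n));
+$values .= sprintf("'%s',", mysql_real_escape_string($v));
 }
 $f = preg_replace("!,$!", ") ", $f);
 $values = preg_replace("!,$!", ") ", $values);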
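Review bot: The escaping added for `$n` does not protect the column list, because `$f .= sprintf("%s,", ...)` places the name in the statement without quotes, and mysql_real_escape_string() only neutralises characters that matter inside a quoted string literal. If the keys of `$data` come from the request (where `$data` is built is outside this hunk), each key should be checked against a fixed list of the table's column names before it is appended, for example `if (!in_array($n, $allowed_columns, true)) { continue; }`, with `$allowed_columns` defined by the script itself. The value side is quoted, so the new escaping covers it as long as the connection character set is set with mysql_set_charset(). Moving the INSERT to a prepared statement (mysqli or PDO) would remove that dependency, and the mysql_* extension is deprecated as of PHP 5.5.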
