#42 fix SQL-Injection
happyman committed Sep 11, 2019
1 parent f13a8d1 commit babbec7
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion twmap3/data/ajaxCRUD/pointdata2.php
Expand Up @@ -19,7 +19,7 @@
$sql .= " where name like '%" . addslashes($q) . "%'";
$order = " order by length(name)";
} else if (!empty($id)) {
$sql .= " where id = $id";
$sql .= " where id = ". pg_escape_string($id);
$order = "";
}
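Review bot: `pg_escape_string($id)` on the new `where id =` line does not close the injection, because the escaped value is still concatenated into the query without surrounding quotes; the function only neutralises characters that matter inside a quoted literal, so a non-numeric `$id` can still alter the statement. Constrain the value to an integer at this point, e.g. `$sql .= " where id = " . (int)$id;`, or, if the query is run through the pgsql extension as the escape call suggests, bind it with `pg_query_params()` and `where id = $1`. The identical line in twmap3/data/ajaxCRUD_old/pointdata2.php needs the same change. The unchanged `like` branch just above relies on `addslashes()`, which is not a PostgreSQL escaping function, so it should move to a bound parameter as well. The if/else chain starts outside the hunk, so how `$id` and `$q` are read from the request is not visible here.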

2 changes: 1 addition & 1 deletion twmap3/data/ajaxCRUD_old/pointdata2.php
Expand Up @@ -19,7 +19,7 @@
$sql .= " where name like '%" . addslashes($q) . "%'";
$order = " order by length(name)";
} else if (!empty($id)) {
$sql .= " where id = $id";
$sql .= " where id = ".pg_escape_string($id);
$order = "";
}

