
addslashes() on messages from users before inserting into db.

defacer
defacer committed Sep 9, 2004
1 parent 06dc71e commit a10b3ade4d3d60e9ddc11c2ab6dc011656e6b93c
Showing with 7 additions and 0 deletions.
  1. +7 −0 mod/chat/chatd.php
@@ -408,9 +408,16 @@ function dispatch_sidekick($handle, $type, $sessionid, $customdata) {
break;
}
+ // A slight hack to prevent malformed SQL inserts
+ $origmsg = $msg->message;
+ $msg->message = addslashes($msg->message);
+
// Commit to DB
insert_record('chat_messages', $msg);
+ // Undo the hack
+ $msg->message = $origmsg;
+
// OK, now push it out to all users
$this->message_broadcast($msg, $this->sets_info[$sessionid]['user']);
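Review bot: `addslashes()` on `$msg->message` ahead of `insert_record('chat_messages', $msg)` is not a dependable SQL escape, because it knows nothing about the connection's character set or the database's own quoting rules, and it covers only this one field while the remaining fields of `$msg` reach the insert unchanged. The quoting belongs inside the database layer (driver-level escaping or bound parameters in `insert_record`), so that every caller and every column is treated the same way; it is also worth confirming that nothing upstream already escapes the text, since that would store doubled backslashes. If the workaround stays, escaping a copy of the object and inserting that copy is safer than mutating `$msg` and restoring it afterwards, since the broadcast on the last line can then never see the escaped text. The comment would be more useful if it said what is being guarded against, e.g. `// Escape quotes in user-supplied chat text; insert_record() does not quote values itself` (to be confirmed against `insert_record`). The enclosing function starts and ends outside this hunk.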
