Escape SQL query for inline editing
Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Feb 25, 2016
1 parent 3a6a9a8 commit 7877a9c
Showing 1 changed file with 1 addition and 1 deletion.
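--- a/js/functions.js
+++ b/js/functions.js
@@ -1840,7 +1840,7 @@ AJAX.registerOnload('functions.js', function () {
 var $inner_sql = $(this).parent().prev().find('code.sql');
 var old_text = $inner_sql.html();
 
-var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + sql_query + "</textarea>\n";
+var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + escapeHtml(sql_query) + "</textarea>\n";
 new_content += getForeignKeyCheckboxLoader();
 new_content += "<input type=\"submit\" id=\"sql_query_edit_save\" class=\"button btnSave\" value=\"" + PMA_messages.strGo + "\"/>\n";
 new_content += "<input type=\"button\" id=\"sql_query_edit_discard\" class=\"button btnDiscard\" value=\"" + PMA_messages.strCancel + "\"/>\n";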
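Review bot: The inline editor markup is still built by string concatenation, so the protection added on the `"<textarea ...>" + escapeHtml(sql_query) + "</textarea>\n"` line depends on every future edit remembering the helper. Creating the element and assigning the query as a value, e.g. `$('<textarea>', {name: 'sql_query_edit', id: 'sql_query_edit'}).val(sql_query)`, would keep the query text out of HTML parsing altogether. The two `<input>` lines below it place `PMA_messages.strGo` and `PMA_messages.strCancel` unescaped into a quoted `value` attribute. These are presumably trusted translation strings, but a quote character in one would break the attribute, and whether `escapeHtml` encodes quotes is not visible here. The enclosing handler starts and ends outside the hunk, so how `old_text` (read with `.html()`) and `new_content` are later inserted should be checked there.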
