
Make sure we quote that sucker

commit 1850a83f6934d2896a15455490b6f94a8bbcd156 1 parent e36ea05
Chris Nandor authored September 16, 2003

Showing 1 changed file with 8 additions and 7 deletions. Show diff stats Hide diff stats

  1. 15  Slash/DB/MySQL/MySQL.pm
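--- a/Slash/DB/MySQL/MySQL.pm
+++ b/Slash/DB/MySQL/MySQL.pm
@@ -7319,6 +7319,7 @@ sub getUsersNicknamesByUID {
 sub getUser {
 	my($self, $id, $val) = @_;
 	my $answer;
+	my $id_q = $self->sqlQuote($id);
 
 	my $constants = getCurrentStatic();
 	my $start_time = Time::HiRes::time;
@@ -7376,7 +7377,7 @@ sub getUser {
 		chop($values);
 
 		for (sort keys %tables) {
-			$where .= "$_.uid=$id AND ";
+			$where .= "$_.uid=$id_q AND ";
 		}
 		$where =~ s/ AND $//;
 
@@ -7384,17 +7385,17 @@ sub getUser {
 		$answer = $self->sqlSelectHashref($values, $table, $where)
 			if $values;
 		for (@param) {
-			$answer->{$_} = $self->sqlSelect('value', 'users_param', "uid=$id AND name='$_'");
+			$answer->{$_} = $self->sqlSelect('value', 'users_param', "uid=$id_q AND name='$_'");
 		}
 
 	} elsif ($val) {
 		(my $clean_val = $val) =~ s/^-//;
 		my $table = $self->{$cache}{$clean_val};
 		if ($table) {
-			$answer = $self->sqlSelect($val, $table, "uid=$id");
+			$answer = $self->sqlSelect($val, $table, "uid=$id_q");
 		} else {
 			# First we try it as an acl param -acs
-			$answer = $self->sqlSelect('value', 'users_param', "uid=$id AND name='$val'");
+			$answer = $self->sqlSelect('value', 'users_param', "uid=$id_q AND name='$val'");
 		}
 
 	} else {
@@ -7424,7 +7425,7 @@ sub getUser {
 					@tables_thispass = @tables_ordered;
 				}
 				my $table = join(",", @tables_thispass);
-				my $where = join(" AND ", map { "$_.uid=$id" } @tables_thispass);
+				my $where = join(" AND ", map { "$_.uid=$id_q" } @tables_thispass);
 				if (!$answer) {
 					$answer = $self->sqlSelectHashref('*', $table, $where);
 				} else {
@@ -7438,11 +7439,11 @@ sub getUser {
 			}
 
 			my($append_acl, $append);
-			$append_acl = $self->sqlSelectColArrayref('acl', 'users_acl', "uid=$id");
+			$append_acl = $self->sqlSelectColArrayref('acl', 'users_acl', "uid=$id_q");
 			for (@$append_acl) {
 				$answer->{acl}{$_} = 1;
 			}
-			$append = $self->sqlSelectAll('name,value', 'users_param', "uid=$id");
+			$append = $self->sqlSelectAll('name,value', 'users_param', "uid=$id_q");
 			for (@$append) {
 				$answer->{$_->[0]} = $_->[1];
 			}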
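Review bot: The two `users_param` lookups in the third hunk still build the `name` comparison by hand, `name='$_'` in the `for (@param)` loop and `name='$val'` in the `elsif ($val)` branch, so a parameter name containing a single quote would end the literal early even though the uid is now quoted. Where `@param` and `$val` come from is not visible here (getUser's body starts and continues outside these hunks), so treat this as unverified unless every caller passes fixed names. Passing them through the same helper keeps the clause consistent: `my $name_q = $self->sqlQuote($val);` then `"uid=$id_q AND name=$name_q"`, and likewise for `$_` inside the loop. A short comment on the new `$id_q` line, such as `# quoted once here; every uid= clause below must use $id_q, never $id`, would help keep later edits from reintroducing the raw value.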

0 notes on commit 1850a83
