Fix sql injection
typcn committed Dec 3, 2014
1 parent 5205c17 commit cfec310
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "blogile",
"version": "0.0.4",
"version": "0.0.5",
"description": "A simple lightweight blog system.",
"main": "server.js",
"repository": "git://github.com/typcn/Blogile.git",
2 changes: 1 addition & 1 deletion server.js
@@ -634,7 +634,7 @@ function getNav(currpage,subdir){
}

function searchkey(query,res){
connection.query('select * from bi_posts where concat(title,content) like "%'+ query +'%"', function(err, rows) {
connection.query('select * from bi_posts where concat(title,content) like "%'+ connection.escape(query) +'%"', function(err, rows) {
if(err){ log(err,3);}
if(rows[0] === undefined){
res.contentType('application/json');
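Review bot: `connection.escape(query)` is spliced into the middle of a double-quoted literal on the new `connection.query` line, but with the `mysql` driver (which `connection` appears to be) `escape()` returns a complete single-quoted literal, so the pattern becomes `"%'term'%"` and the search only matches posts that contain the term wrapped in quotes. The injection is closed only because `escape()` also backslash-escapes `"`, which holds only while the server is not running with `NO_BACKSLASH_ESCAPES`. Bind the whole pattern as a parameter instead: `connection.query('select * from bi_posts where concat(title,content) like ?', ['%' + query + '%'], function(err, rows) {`, and coerce with `String(query)` first if the value can arrive from the request as an array or object (its type is not visible here). `%` and `_` in the term still act as LIKE wildcards after this change. The body of `searchkey` continues outside the hunk.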
