Fix SQLi in MY_Checkin_Api_Object.php #645
Parameterize query to check if user email exists
rjmackay committed Jul 2, 2012
1 parent e0e2b66 commit 68d9916
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions application/libraries/api/MY_Checkin_Api_Object.php
Expand Up @@ -377,8 +377,8 @@ public function register_checkin($mobileid,$lat,$lon,$message=FALSE,$firstname=F

// Check if email exists

$query = 'SELECT id FROM '.$this->table_prefix.'users WHERE `email` = \''.$user_email.'\' LIMIT 1;';
$usercheck = $this->db->query($query);
$query = 'SELECT id FROM `'.$this->table_prefix.'users` WHERE `email` = ? LIMIT 1;';
$usercheck = $this->db->query($query, $user_email);

if ( isset($usercheck[0]->id) )
{
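Review bot: The bound value on the new `$usercheck = $this->db->query($query, $user_email);` line is passed as a bare second argument rather than as an array, which only works if the database layer accepts variadic bind parameters; if its `query()` expects an array of binds, the `?` would be left unfilled and the lookup would error or silently match nothing, so this is worth confirming against the signature of the `$this->db` object in use. The table name is still assembled by concatenating `$this->table_prefix`, which is presumably configuration rather than request input and therefore acceptable to interpolate, but a short comment would keep the next reader from re-flagging it, e.g. `// table_prefix comes from config, not the request; the email is bound via ?`. The rest of register_checkin lies outside this hunk, and any other queries in it that still interpolate request-supplied values would deserve the same parameterization.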
