
Fix SQLi in MY_Checkin_Api_Object.php #645

Parameterize query to check if user email exists
rjmackay committed Jul 2, 2012
1 parent e0e2b66 commit 68d99167a4280038f05f9faf903d3601a167e143
Showing with 2 additions and 2 deletions.
  1. +2 −2 application/libraries/api/MY_Checkin_Api_Object.php
@@ -377,8 +377,8 @@ public function register_checkin($mobileid,$lat,$lon,$message=FALSE,$firstname=F
// Check if email exists
$query = 'SELECT id FROM '.$this->table_prefix.'users WHERE `email` = \''.$user_email.'\' LIMIT 1;';
$usercheck = $this->db->query($query);
$query = 'SELECT id FROM `'.$this->table_prefix.'users` WHERE `email` = ? LIMIT 1;';
$usercheck = $this->db->query($query, $user_email);
if ( isset($usercheck[0]->id) )
{
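Review bot: The `?` placeholder on the new `$query` line only closes the injection if `$this->db->query()` escapes its extra arguments through the database driver before substituting them (Kohana 2.x's `compile_binds` does this, but it is worth confirming for this project's Database library); a wrapper that merely string-substitutes the second argument would leave the same hole in place. A short comment would make the intent survive future edits, e.g. `// email is bound as a query parameter; never interpolate user input into this SQL`. `register_checkin` begins and ends outside the hunk, so any other queries it builds from `$user_email` or the other request-derived parameters should be checked against the same `?`-binding pattern rather than string concatenation.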
