
Fixed SQL injection (thanks to Sijmen Ruwhof).

1 parent a9f9c30 commit 2978ad447e3f81a355405a40e33b57a327f66543 @derickr derickr committed Apr 15, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 html/include/header.php
@@ -98,7 +98,7 @@ function hits ($key)
function refer ()
{
if (isset ($_SERVER["HTTP_REFERER"]) && !empty ($_SERVER["HTTP_REFERER"])) {
- $ref = $_SERVER["HTTP_REFERER"];
+ $ref = mysql_real_escape_string( $_SERVER["HTTP_REFERER"] );
$res = @mysql_query ("SELECT * FROM refer WHERE refer = '$ref'");
if (@mysql_num_rows ($res) == 0) {
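Review bot: The escaped `$ref` on the added line is safe only while it stays inside the single-quoted literal on the following line and the connection character set was set through `mysql_set_charset()`; neither condition is visible in this hunk. A bound parameter removes both dependencies, e.g. `$stmt = $db->prepare("SELECT * FROM refer WHERE refer = ?"); $stmt->execute(array($ref));` with a PDO handle (`$db` is a placeholder, since the file's connection setup is not shown). The `@` on `mysql_query` and `mysql_num_rows` also hides a failed query, and a `false` result appears to compare equal to 0 and take the "no row" branch, so an explicit `if ($res === false)` check before it would make that case visible. The body of `refer()` continues past the hunk, so any later statement that reuses `$ref` or another request header should be checked the same way, as should `hits ($key)` named in the hunk header.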
