mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-15 14:16:28 +02:00
Code Issues Releases Wiki Activity

- fix sql escaping for non-mysql db's (we forgot this one, or removed it accidently)

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5356 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-12-19 18:01:36 +00:00
parent 79e57f8a0c
commit 1a94e75c38
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/functions.php
View File

@ -158,7 +158,7 @@ function get_userdata($user, $force_str = false)
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE ";
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);