mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

Hopefully this addresses the \' and '' problems with MSSQL, etc. ... I'd like opinions on the security of doing this.

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@1661 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2001-12-21 15:51:31 +00:00
parent f5afff4c55
commit 6c2e3922b1
4 changed files with 16 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/groupcp.php
View File

@@ -316,7 +316,7 @@ else if( $group_id )
$sql = "SELECT user_id, user_email
FROM " . USERS_TABLE . "
WHERE username = '$username'";
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql);