SQL injection

Erik Faye-Lund 2013-05-12 23:31:15 +02:00
parent b7df6f82ea
commit 11e71b28aa


@ -2,14 +2,14 @@
require("include/top.php"); require("include/top.php");
if (isset($_SESSION['SESSION']) && $id && $vote) { if (isset($_SESSION['SESSION']) && $id && $vote) {
$query = "SELECT count(0) FROM logos_votes WHERE logo=$id AND user=".$_SESSION["SCENEID_ID"]; $query = 'SELECT count(0) FROM logos_votes WHERE logo='.(int)$id.' AND user='.$_SESSION["SCENEID_ID"];
$result = mysql_query($query); $result = mysql_query($query);
if (!mysql_result($result,0)) { if (!mysql_result($result,0)) {
if ($vote == rulez) if ($vote == rulez)
$vote = 1; $vote = 1;
else else
$vote = -1; $vote = -1;
$query = "INSERT INTO logos_votes SET logo=$id, user=".$_SESSION["SCENEID_ID"].", vote=$vote"; $query = 'INSERT INTO logos_votes SET logo='.(int)$id.', user='.$_SESSION['SCENEID_ID'].', vote='.$vote;
mysql_query($query); mysql_query($query);
} }
} }
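Review bot: `$_SESSION['SCENEID_ID']` is still concatenated into both the SELECT and the INSERT without a cast, so the new code hardens only `$id`. The value is interpolated unquoted and is therefore already used as a number; giving it the same treatment, e.g. `' AND user='.(int)$_SESSION['SCENEID_ID']`, keeps both queries safe even if the session value is ever filled from an external response (where it is set is not visible in this hunk). Separately, `$vote == rulez` compares against a bare constant rather than a string, and `if ($vote == 'rulez')` avoids relying on the undefined-constant fallback. Longer term, prepared statements with bound parameters (mysqli or PDO) would remove the need for per-variable casts.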