diff options
| author | swiergot <swiergot> | 2007-09-20 15:33:04 +0000 |
|---|---|---|
| committer | swiergot <swiergot> | 2007-09-20 15:33:04 +0000 |
| commit | 0b92839bee80fc2ba6ea67be1e48d176c0d242bc (patch) | |
| tree | 6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/html/index.php | |
| parent | 9ab02ad6a752e993bad3fe991a6a16a26d7cfcdd (diff) | |
- Applied a patch from Loui to fix session removal.
- Replaced all occurences of mysql_escape_string()
with mysql_real_escape_string().
Diffstat (limited to 'web/html/index.php')
| -rw-r--r-- | web/html/index.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/index.php b/web/html/index.php index 56c52a2..3915483 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $_REQUEST["pass"] = md5($_REQUEST["pass"]); $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", |