Commit 63ae328ee7b17de7470d95321ff3fdb91419755d
1 parent
7ec33fda
Use parameterised queries here too.
Submitted by: Stefano Ciancio (sciancio) SF Tracker: 1123057 git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3246 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
4 additions
and
2 deletions
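--- a/lib/database/lookup.inc
+++ b/lib/database/lookup.inc
@@ -82,9 +82,11 @@ function lookupGroupIDs($userID) {
 function lookupField($tableName, $selectFieldName, $whereFieldName, $whereFieldValue) {
 global $default;
 $sql = $default->db;
-$query = "select $selectFieldName from $tableName where $whereFieldName = '". $whereFieldValue . "'" ;
+$query = "select $selectFieldName from $tableName where $whereFieldName = ?" ;
+
+$aParams = array($whereFieldValue);
 
-if ($sql->query($query)) {
+if ($sql->query(array($query, $aParams))) {
 if ($sql->next_record()) {
 return $sql->f($selectFieldName);
 } else {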
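Review bot: Only `$whereFieldValue` is bound on the new line 85; `$selectFieldName`, `$tableName` and `$whereFieldName` are still interpolated straight into the SQL string, so lookupField remains injectable through any caller that derives an identifier from request data. Identifiers cannot be passed as bind parameters, so they need an explicit check before the query is built, for example `foreach (array($tableName, $selectFieldName, $whereFieldName) as $sIdent) { if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $sIdent)) { return false; } }` (or whatever failure value the rest of this function uses), ideally tightened to an allow-list of known table and column names. A one-line comment above the `$query` assignment, such as `// identifiers are interpolated, not bound: callers must pass trusted/validated names`, would at least make the remaining trust boundary visible. The body of lookupField continues past the end of this hunk, so the failure path and return convention are not visible here.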