Added SQL Injection prevention
This commit is contained in:
root
parent
d9951a9ddd
commit
3ee1bb2e4f
1 changed files with 4 additions and 4 deletions
|
|
@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
|
|||
|
||||
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
|
||||
{
|
||||
mysql_query("update emailcerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update domaincerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
}
|
||||
else
|
||||
{
|
||||
mysql_query("update orgemailcerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update orgdomaincerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
|
||||
}
|
||||
|
||||
//exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));
|
||||
|
|
|
|||
Loading…
Reference in a new issue