Fixed a SQL injection

This commit is contained in:
root 2008-01-03 10:08:07 +00:00
parent df42c88a5b
commit 7bfa208a4e

View file

@ -13,7 +13,7 @@
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_REQUEST[orgid]."'";
$query = "select * from `orginfo` where `id`='".intval($_REQUEST[orgid])."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<form method="post" action="account.php">