From ec17da606c2cd806f9f84fd960077028a7b29cad Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 28 Dec 2008 12:33:29 +0000
Subject: [PATCH] Improved SQL-Injection protection
---
 www/disputes.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/disputes.php b/www/disputes.php
index b65216d..71c4ff4 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -277,8 +277,8 @@
 }
 $hash = make_hash();
- $query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
- `oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
+ $query = "insert into `disputeemail` set `email`='$email',`memid`='".intval($_SESSION['profile']['id'])."',
+ `oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='".intval($emailid)."',
 `IP`='".$_SERVER['REMOTE_ADDR']."'";
 mysql_query($query);
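Review bot: `$email` and `$oldmemid` are still interpolated into the INSERT unchanged, and nothing visible in this hunk shows them being escaped or cast, so the query is only as safe as whatever happens to them above line 277. If they are not already sanitised there, the same treatment should be applied here, e.g. `` `email`='".mysql_real_escape_string($email)."' `` and, assuming the old member id is numeric, `` `oldmemid`='".intval($oldmemid)."' ``. Note also that `intval()` silently turns a non-numeric `$emailid` into 0, so a malformed value is stored as id 0 rather than rejected; an explicit check that aborts before building the query would make that failure visible. The return value of `mysql_query($query)` is not checked in the lines shown, so a failed insert would go unnoticed. The enclosing block starts and ends outside the hunk.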