[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 41/219: SQL : protection injection
|
From: |
Dany De Bontridder |
|
Subject: |
[Noalyss-commit] [noalyss] 41/219: SQL : protection injection |
|
Date: |
Mon, 18 Dec 2017 13:22:34 -0500 (EST) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit c1aeb5113e9c311244f01188ce4e6d3104c8d621
Author: Dany De Bontridder <address@hidden>
Date: Mon Sep 11 19:00:57 2017 +0200
SQL : protection injection
---
include/class/anc_plan.class.php | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/include/class/anc_plan.class.php b/include/class/anc_plan.class.php
index 11d382a..78b5715 100644
--- a/include/class/anc_plan.class.php
+++ b/include/class/anc_plan.class.php
@@ -81,7 +81,7 @@ class Anc_Plan
function delete()
{
if ( $this->id == 0 ) return;
- $this->db->exec_sql("delete from plan_analytique where
pa_id=".$this->id);
+ $this->db->exec_sql("delete from plan_analytique where
pa_id=$1",array($this->id));
}
function update()
@@ -104,9 +104,8 @@ class Anc_Plan
if ( $this->isAppend() == false) return;
$description=sql_string($this->description);
$this->db->exec_sql("insert into
plan_analytique(pa_name,pa_description)".
- " values (".
- "'".$name."',".
- "'".$description."')");
+ " values ($1,$2 )"
+ ,array($name,$description));
$this->id=$this->db->get_current_seq('plan_analytique_pa_id_seq');
}
@@ -141,8 +140,8 @@ class Anc_Plan
*/
function get_poste_analytique($p_order="")
{
- $sql="select po_id,po_name from poste_analytique where
pa_id=".$this->id." $p_order";
- $r=$this->db->exec_sql($sql);
+ $sql="select po_id,po_name from poste_analytique where pa_id=$1
$p_order";
+ $r=$this->db->exec_sql($sql,array($this->id));
$ret=array();
if ( Database::num_row($r) == 0 )
return $ret;
@@ -177,8 +176,8 @@ class Anc_Plan
}
function exist()
{
- $a=$this->db->count_sql("select pa_id from plan_analytique where
pa_id=".
- Database::escape_string($this->pa_id));
+ $a=$this->db->count_sql("select pa_id from plan_analytique where
pa_id=$1",
+ array($this->pa_id));
return ($a==0)?false:true;
- [Noalyss-commit] [noalyss] branch master updated (1d55507 -> 689dfc2), Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 51/219: task #0001463: Calculatrice - 4 décimales, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 41/219: SQL : protection injection,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 23/219: improve doc, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 48/219: Rewriting for PLANANC ajax add, delete and update analytic accounting, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 84/219: Improve appearance, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 65/219: CFGSEC : the ledgers are now updated thanks an inplace class, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 105/219: CSS : change menu, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 06/219: Fix bug and esthetic : the var. dep can be empty, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 09/219: profil : CFGPRO , correct, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 72/219: Warning : use new icon, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 36/219: Task #0001411: Faire des boutons du menu des... boutons. uniquement classic & light, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 66/219: CFGSEC : action and ledger are set thanks ajax Inplace_Switch : new class for ajax with a swith button, Dany De Bontridder, 2017/12/18