- Applied a patch from Loui to fix session removal.

- Replaced all occurences of mysql_escape_string() with mysql_real_escape_string().
author: swiergot <swiergot> 2007-09-20 17:33:04 +0200
committer: swiergot <swiergot> 2007-09-20 17:33:04 +0200
commit: 0b92839bee80fc2ba6ea67be1e48d176c0d242bc (patch)
tree: 6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/html/index.php
parent: 9ab02ad6a752e993bad3fe991a6a16a26d7cfcdd (diff)
download: aur-0b92839bee80fc2ba6ea67be1e48d176c0d242bc.tar.gz
aur-0b92839bee80fc2ba6ea67be1e48d176c0d242bc.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 56c52a2f..39154833 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
 		$_REQUEST["pass"] = md5($_REQUEST["pass"]);
 		$dbh = db_connect();
 		$q = "SELECT ID, Suspended FROM Users ";
-		$q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
-		$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+		$q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' ";
+		$q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'";
 		$result = db_query($q, $dbh);
 		if (!$result) {
 			$login_error = __("Error looking up username, %s.",
author	swiergot <swiergot>	2007-09-20 17:33:04 +0200
committer	swiergot <swiergot>	2007-09-20 17:33:04 +0200
commit	0b92839bee80fc2ba6ea67be1e48d176c0d242bc (patch)
tree	6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/html/index.php
parent	9ab02ad6a752e993bad3fe991a6a16a26d7cfcdd (diff)
download	aur-0b92839bee80fc2ba6ea67be1e48d176c0d242bc.tar.gz aur-0b92839bee80fc2ba6ea67be1e48d176c0d242bc.tar.xz