From 0b92839bee80fc2ba6ea67be1e48d176c0d242bc Mon Sep 17 00:00:00 2001 From: swiergot Date: Thu, 20 Sep 2007 15:33:04 +0000 Subject: - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). --- web/html/account.php | 2 +- web/html/index.php | 4 ++-- web/html/logout.php | 4 ++-- web/html/pkgedit.php | 2 +- web/html/pkgsubmit.php | 46 +++++++++++++++++++++++----------------------- web/lib/acctfuncs.inc | 36 ++++++++++++++++++------------------ web/lib/aur.inc | 22 +++++++++++----------- web/lib/pkgfuncs.inc | 26 +++++++++++++------------- 8 files changed, 71 insertions(+), 71 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index eeb1e407..fba90dd6 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -106,7 +106,7 @@ if (isset($_COOKIE["AURSID"])) { $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; $q.= "AND Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); diff --git a/web/html/index.php b/web/html/index.php index 56c52a2f..39154833 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $_REQUEST["pass"] = md5($_REQUEST["pass"]); $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", 
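Review bot: The new `mysql_real_escape_string($_COOKIE["AURSID"])` call in web/html/account.php is made without a link identifier, so it uses whichever MySQL connection was opened last and, unlike `mysql_escape_string()`, needs a connection to exist at that point. Passing the handle the query is sent on, `mysql_real_escape_string($_COOKIE["AURSID"], $dbh)`, ties the escaping to that connection's character set and makes the dependency explicit. The same applies to every replaced call in this commit. The logout.php hunk, which moves `$dbh = db_connect();` above the query string, shows the ordering requirement. In the process_account_form, search_results_page and pkg_search_page hunks the connect call lies outside the visible lines, so confirm it precedes the escaping there.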
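Review bot: The login query in web/html/index.php still compares `Passwd` against an unsalted `md5()` of the submitted password, and it reads the credentials from `$_REQUEST`, which also accepts them from the query string. Escaping the hex digest adds nothing, and a fast unsalted hash gives stored passwords little protection if the Users table is ever disclosed. A per-user salt with a deliberately slow hash, and reading only `$_POST["user"]` / `$_POST["pass"]`, would address both. The same `md5($P)` storage appears in the process_account_form hunks of web/lib/acctfuncs.inc. The enclosing `if` block continues past the end of this hunk.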
diff --git a/web/html/logout.php b/web/html/logout.php index dac7831b..be4027f7 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -11,9 +11,9 @@ set_lang(); # this sets up the visitor's language # sending any HTML output. # if (isset($_COOKIE["AURSID"])) { - $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; $dbh = db_connect(); + $q = "DELETE FROM Sessions WHERE SessionID = '"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); setcookie("AURLANG", "", time() - (60*60*24*30), "/"); diff --git a/web/html/pkgedit.php b/web/html/pkgedit.php index bb19144e..36befbb9 100644 --- a/web/html/pkgedit.php +++ b/web/html/pkgedit.php @@ -73,7 +73,7 @@ if ($_REQUEST["add_Comment"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= intval($_REQUEST["ID"]).", ".uid_from_sid($_COOKIE["AURSID"]) . ", "; - $q.= "'".mysql_escape_string($_REQUEST["comment"])."', "; + $q.= "'".mysql_real_escape_string($_REQUEST["comment"])."', "; $q.= "UNIX_TIMESTAMP())"; db_query($q, $dbh); print __("Comment has been added.")."
 
\n"; diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 9f55e542..59b41837 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -374,7 +374,7 @@ if ($_COOKIE["AURSID"]) { # purged. # $q = "SELECT * FROM Packages "; - $q.= "WHERE Name = '".mysql_escape_string($new_pkgbuild['pkgname'])."'"; + $q.= "WHERE Name = '".mysql_real_escape_string($new_pkgbuild['pkgname'])."'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -402,13 +402,13 @@ if ($_COOKIE["AURSID"]) { } else { $q.="ModifiedTS = UNIX_TIMESTAMP(), "; } - $q.="Name='".mysql_escape_string($new_pkgbuild['pkgname'])."', "; - $q.="Version='".mysql_escape_string($new_pkgbuild['pkgver'])."-". - mysql_escape_string($new_pkgbuild['pkgrel'])."',"; - $q.="CategoryID=".mysql_escape_string($_REQUEST['category']).", "; - $q.="License='".mysql_escape_string($new_pkgbuild['license'])."', "; - $q.="Description='".mysql_escape_string($new_pkgbuild['pkgdesc'])."', "; - $q.="URL='".mysql_escape_string($new_pkgbuild['url'])."', "; + $q.="Name='".mysql_real_escape_string($new_pkgbuild['pkgname'])."', "; + $q.="Version='".mysql_real_escape_string($new_pkgbuild['pkgver'])."-". + mysql_real_escape_string($new_pkgbuild['pkgrel'])."',"; + $q.="CategoryID=".mysql_real_escape_string($_REQUEST['category']).", "; + $q.="License='".mysql_real_escape_string($new_pkgbuild['license'])."', "; + $q.="Description='".mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', "; + $q.="URL='".mysql_real_escape_string($new_pkgbuild['url'])."', "; $q.="LocationID=2, "; if (account_from_sid($_COOKIE["AURSID"]) == "Trusted User" || account_from_sid($_COOKIE["AURSID"]) == "Developer") { $q.="Safe=1, VerifiedBy=".uid_from_sid($_COOKIE["AURSID"]).", "; 
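Review bot: `CategoryID=".mysql_real_escape_string($_REQUEST['category'])` in the UPDATE built in web/html/pkgsubmit.php puts the request value into the statement outside any quotes, and string escaping does not constrain a value in a numeric position, so this line is still open to SQL injection after the change. Cast it the way pkgedit.php already treats the package ID: `$q.="CategoryID=".intval($_REQUEST['category']).", ";`. The same unquoted pattern is kept in the INSERT of the `@@ -484,13` hunk, in `username_from_id` (web/lib/aur.inc) and in `package_dependencies`, `package_comments` and `package_sources` (web/lib/pkgfuncs.inc), where `intval($id)` / `intval($pkgid)` is the matching fix unless callers are known to pass integers only.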
@@ -416,9 +416,9 @@ if ($_COOKIE["AURSID"]) { $q.="Safe=0, "; } $fspath=$INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.="FSPath='".mysql_escape_string($fspath)."', "; + $q.="FSPath='".mysql_real_escape_string($fspath)."', "; $urlpath=$URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.="URLPath='".mysql_escape_string($urlpath)."' "; + $q.="URLPath='".mysql_real_escape_string($urlpath)."' "; $q.="WHERE ID = " . $pdata["ID"]; $result = db_query($q, $dbh); @@ -461,7 +461,7 @@ if ($_COOKIE["AURSID"]) { $sources = explode(" ", $new_pkgbuild['source']); while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $pdata["ID"].", '".mysql_escape_string($v)."')"; + $q .= $pdata["ID"].", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } @@ -470,7 +470,7 @@ if ($_COOKIE["AURSID"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= $pdata["ID"] . ", " . uid_from_sid($_COOKIE['AURSID']); - $q.= ", '" . mysql_escape_string($_REQUEST["comments"]); + $q.= ", '" . mysql_real_escape_string($_REQUEST["comments"]); $q.= "', UNIX_TIMESTAMP())"; db_query($q); 
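Review bot: `$fspath` and `$urlpath` in the `@@ -416,9` hunk are built from `$_FILES["pfile"]["name"]`, which is chosen by the uploading client, and the new escaping protects only the SQL string, not the path itself. If the name is not already reduced to a plain file name earlier in pkgsubmit.php (not visible in this hunk), take `basename($_FILES["pfile"]["name"])` once and use that for both paths. The `@@ -499,9` hunk repeats the same two assignments for the new-package branch.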
@@ -484,13 +484,13 @@ if ($_COOKIE["AURSID"]) { } $q.= " SubmittedTS, SubmitterUID, MaintainerUID, FSPath, URLPath) "; $q.= "VALUES ('"; - $q.= mysql_escape_string($new_pkgbuild['pkgname'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['license'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['pkgver'])."-". - mysql_escape_string($new_pkgbuild['pkgrel'])."', "; - $q.= mysql_escape_string($_REQUEST['category']).", '"; - $q.= mysql_escape_string($new_pkgbuild['pkgdesc'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['url']); + $q.= mysql_real_escape_string($new_pkgbuild['pkgname'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['license'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['pkgver'])."-". + mysql_real_escape_string($new_pkgbuild['pkgrel'])."', "; + $q.= mysql_real_escape_string($_REQUEST['category']).", '"; + $q.= mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['url']); $q.= "', 2, "; if (account_from_sid($_COOKIE["AURSID"]) == "Trusted User" || account_from_sid($_COOKIE["AURSID"]) == "Developer") { $q.= "1, ".uid_from_sid($_COOKIE["AURSID"]).", "; @@ -499,9 +499,9 @@ if ($_COOKIE["AURSID"]) { $q.= uid_from_sid($_COOKIE["AURSID"]).", "; $q.= uid_from_sid($_COOKIE["AURSID"]).", '"; $fspath=$INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.= mysql_escape_string($fspath)."', '"; + $q.= mysql_real_escape_string($fspath)."', '"; $urlpath=$URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.= mysql_escape_string($urlpath)."')"; + $q.= mysql_real_escape_string($urlpath)."')"; $result = db_query($q, $dbh); # print $result . "
"; @@ -539,7 +539,7 @@ if ($_COOKIE["AURSID"]) { $sources = explode(" ", $new_pkgbuild['source']); while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $packageID.", '".mysql_escape_string($v)."')"; + $q .= $packageID.", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } @@ -548,7 +548,7 @@ if ($_COOKIE["AURSID"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= $packageID . ", " . uid_from_sid($_COOKIE["AURSID"]) . ", '"; - $q.= mysql_escape_string($_REQUEST["comments"]); + $q.= mysql_real_escape_string($_REQUEST["comments"]); $q.= "', UNIX_TIMESTAMP())"; db_query($q, $dbh); } diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index fe8aefbd..fa6df458 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -206,7 +206,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Username = '".mysql_escape_string($U)."'"; + $q.= "WHERE Username = '".mysql_real_escape_string($U)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -224,7 +224,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Email = '".mysql_escape_string($E)."'"; + $q.= "WHERE Email = '".mysql_real_escape_string($E)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } 
@@ -250,12 +250,12 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $P = md5($P); $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; - $q.= "VALUES (1, 0, '".mysql_escape_string($U)."'"; - $q.= ", '".mysql_escape_string($E)."'"; - $q.= ", '".mysql_escape_string($P)."'"; - $q.= ", '".mysql_escape_string($R)."'"; - $q.= ", '".mysql_escape_string($L)."'"; - $q.= ", '".mysql_escape_string($I)."'"; + $q.= "VALUES (1, 0, '".mysql_real_escape_string($U)."'"; + $q.= ", '".mysql_real_escape_string($E)."'"; + $q.= ", '".mysql_real_escape_string($P)."'"; + $q.= ", '".mysql_real_escape_string($R)."'"; + $q.= ", '".mysql_real_escape_string($L)."'"; + $q.= ", '".mysql_real_escape_string($I)."'"; if ($N) { $q.= ", 1)"; } else { @@ -281,7 +281,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", #md5 hash the password $q = "UPDATE Users SET "; - $q.= "Username = '".mysql_escape_string($U)."'"; + $q.= "Username = '".mysql_real_escape_string($U)."'"; if ($T) { $q.= ", AccountTypeID = ".intval($T); } @@ -290,13 +290,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { $q.= ", Suspended = 0"; } - $q.= ", Email = '".mysql_escape_string($E)."'"; + $q.= ", Email = '".mysql_real_escape_string($E)."'"; if ($P) { - $q.= ", Passwd = '".mysql_escape_string(md5($P))."'"; + $q.= ", Passwd = '".mysql_real_escape_string(md5($P))."'"; } - $q.= ", RealName = '".mysql_escape_string($R)."'"; - $q.= ", LangPreference = '".mysql_escape_string($L)."'"; - $q.= ", IRCNick = '".mysql_escape_string($I)."'"; + $q.= ", RealName = '".mysql_real_escape_string($R)."'"; + $q.= ", LangPreference = '".mysql_real_escape_string($L)."'"; + $q.= ", IRCNick = '".mysql_real_escape_string($I)."'"; $q.= ", NewPkgNotify = "; if ($N) { $q.= "1 "; 
@@ -435,19 +435,19 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $search_vars[] = "S"; } if ($U) { - $q.= "AND Username LIKE '%".mysql_escape_string($U)."%' "; + $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' "; $search_vars[] = "U"; } if ($E) { - $q.= "AND Email LIKE '%".mysql_escape_string($E)."%' "; + $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' "; $search_vars[] = "E"; } if ($R) { - $q.= "AND RealName LIKE '%".mysql_escape_string($R)."%' "; + $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' "; $search_vars[] = "R"; } if ($I) { - $q.= "AND IRCNick LIKE '%".mysql_escape_string($I)."%' "; + $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' "; $search_vars[] = "I"; } switch ($SB) { diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 46146318..063f9037 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -93,7 +93,7 @@ function check_sid() { # $dbh = db_connect(); $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; - $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; $result = db_query($q, $dbh); if (!$result) { # Invalid SessionID - hacker alert! @@ -118,7 +118,7 @@ function check_sid() { # the main page where they can log in again. # $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); @@ -129,7 +129,7 @@ function check_sid() { # and update the idle timestamp # $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() "; - $q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'"; db_query($q, $dbh); } } 
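Review bot: The `LIKE '%...%'` clauses in `search_results_page` escape quotes but leave `%` and `_` in `$U`, `$E`, `$R` and `$I` active as wildcards, because `mysql_real_escape_string()` does not touch them. If literal matching is intended, wrap the escaped value, e.g. `addcslashes(mysql_real_escape_string($U), '%_')`; otherwise a short comment stating that user-supplied wildcards are accepted would document the behaviour. The `Name`/`Description` `LIKE` clauses in the `pkg_search_page` hunks of web/lib/pkgfuncs.inc are built the same way. The function body starts and ends outside this hunk.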
@@ -172,7 +172,7 @@ function username_from_id($id="") { return ""; } $dbh = db_connect(); - $q = "SELECT Username FROM Users WHERE ID = " . mysql_escape_string($id); + $q = "SELECT Username FROM Users WHERE ID = " . mysql_real_escape_string($id); $result = db_query($q, $dbh); if (!$result) { return "None"; @@ -193,7 +193,7 @@ function username_from_sid($sid="") { $q = "SELECT Username "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -213,7 +213,7 @@ function email_from_sid($sid="") { $q = "SELECT Email "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -235,7 +235,7 @@ function account_from_sid($sid="") { $q.= "FROM Users, AccountTypes, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND AccountTypes.ID = Users.AccountTypeID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -255,7 +255,7 @@ function uid_from_sid($sid="") { $q = "SELECT Users.ID "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return 0; 
@@ -329,7 +329,7 @@ function set_lang() { $q = "SELECT LangPreference FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!$result) { $LANG = "en"; @@ -491,7 +491,7 @@ function can_overwrite_pkg($name="", $sid="") { if (!$name || !$sid) {return 0;} $dbh = db_connect(); $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID "; - $q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'"; + $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'"; $result = db_query($q, $dbh); if (!$result) {return 0;} $row = mysql_fetch_row($result); @@ -561,7 +561,7 @@ function uid_from_username($username="") return ""; } $dbh = db_connect(); - $q = "SELECT ID FROM Users WHERE Username = '".mysql_escape_string($username) + $q = "SELECT ID FROM Users WHERE Username = '".mysql_real_escape_string($username) ."'"; $result = db_query($q, $dbh); if (!$result) { diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index de2f16cc..d1da9bc6 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -125,7 +125,7 @@ function package_exists($name="") { if (!$name) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages "; - $q.= "WHERE Name = '".mysql_escape_string($name)."' "; + $q.= "WHERE Name = '".mysql_real_escape_string($name)."' "; $q.= "AND DummyPkg = 0"; $result = db_query($q, $dbh); if (!$result) {return NULL;} 
@@ -141,7 +141,7 @@ function package_dependencies($pkgid=0) { $dbh = db_connect(); $q = "SELECT DepPkgID, Name, DummyPkg, DepCondition FROM PackageDepends, Packages "; $q.= "WHERE PackageDepends.DepPkgID = Packages.ID "; - $q.= "AND PackageDepends.PackageID = ".mysql_escape_string($pkgid); + $q.= "AND PackageDepends.PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Name"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -161,14 +161,14 @@ function create_dummy($pname="", $sid="") { if (!$uid) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages WHERE Name = '"; - $q.= mysql_escape_string($pname)."'"; + $q.= mysql_real_escape_string($pname)."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { # Insert the dummy # $q = "INSERT INTO Packages (Name, Description, URL, SubmittedTS, "; $q.= "SubmitterUID, DummyPkg) VALUES ('"; - $q.= mysql_escape_string($pname)."', 'A dummy package', '/#', "; + $q.= mysql_real_escape_string($pname)."', 'A dummy package', '/#', "; $q.= "UNIX_TIMESTAMP(), ".$uid.", 1)"; $result = db_query($q, $dbh); if (!$result) { @@ -193,7 +193,7 @@ function package_comments($pkgid=0) { $q = "SELECT PackageComments.ID, UserName, UsersID, Comments, CommentTS "; $q.= "FROM PackageComments, Users "; $q.= "WHERE PackageComments.UsersID = Users.ID"; - $q.= " AND PackageID = ".mysql_escape_string($pkgid); + $q.= " AND PackageID = ".mysql_real_escape_string($pkgid); $q.= " AND DelUsersID = 0"; # only display non-deleted comments $q.= " ORDER BY CommentTS DESC"; $result = db_query($q, $dbh); @@ -212,7 +212,7 @@ function package_sources($pkgid=0) { if ($pkgid) { $dbh = db_connect(); $q = "SELECT Source FROM PackageSources "; - $q.= "WHERE PackageID = ".mysql_escape_string($pkgid); + $q.= "WHERE PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Source"; $result = db_query($q, $dbh); if (!$result) {return array();} 
@@ -234,7 +234,7 @@ function pkgvotes_from_sid($sid="") { $q.= "FROM PackageVotes, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = PackageVotes.UsersID "; - $q.= "AND Sessions.SessionID = '".mysql_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -901,10 +901,10 @@ function pkg_search_page($SID="") { #search by maintainer if ($_REQUEST["SeB"] == "m"){ if (!$has_where) { - $q.= "WHERE Username = '".mysql_escape_string($K)."' "; + $q.= "WHERE Username = '".mysql_real_escape_string($K)."' "; $has_where = 1; } else { - $q.= "AND Username = '".mysql_escape_string($K)."' "; + $q.= "AND Username = '".mysql_real_escape_string($K)."' "; } } elseif ($_REQUEST["SeB"] == "s") { if (!$has_where) { @@ -916,12 +916,12 @@ function pkg_search_page($SID="") { # the default behaivior, query the name/description } else { if (!$has_where) { - $q.= "WHERE (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "WHERE (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; $has_where = 1; } else { - $q.= "AND (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "AND (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; } } } -- cgit v1.2.3-24-g4f1b