Changeset 20281


Ignore:
Timestamp:
Jan 20, 2013, 12:48:53 PM (11 years ago)
Author:
mistic100
Message:

protect session data with pwg_db_real_escape_string

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/functions_session.inc.php

    r19703 r20281  
    149149REPLACE INTO '.SESSIONS_TABLE.'
    150150  (id,data,expiration)
    151   VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
     151  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
    152152;';
    153153  pwg_query($query);
Note: See TracChangeset for help on using the changeset viewer.