Re: [AppDB] Fix to allow creating of new accounts (urgent)

5 Jan 2005

      Tobias Burnus wrote:
...
Hello,
...
     $result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 

0, ".
                               "'$username', password('$password'), ".

                         "'$realname', '$email', NOW(), 0, 0)");

                         "'$realname', '$email', NOW(), 0, 0, 

'$CVSrelease')");
Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is 
it ensured elsewhere that no unwanted characters are in the string? ( ' 
is escaped in PHP, isn't it?)
Tobias
This is a not a security patch...

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [AppDB] Fix to allow creating of new accounts (urgent)