Re: [AppDB] Fix to allow creating of new accounts (urgent)

6 Jan 2005

      Tobias Burnus wrote:
...
Hello,
tony_lambregts@telusplanet.net wrote:
...
...
...

                         "'$realname', '$email', NOW(), 0, 0)");

                         "'$realname', '$email', NOW(), 0, 0, 

'$CVSrelease')");
Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or 
is it ensured elsewhere that no unwanted characters are in the 
string? ( ' is escaped in PHP, isn't it?)
This is a not a security patch...
True, but shouldn't one try to be secure if one needs to touch such lines?
Tobias
I admit it I am an idiot for not knowing what to do to fix security flaws.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [AppDB] Fix to allow creating of new accounts (urgent)