[Noalyss-commit] [noalyss] 42/219: SQL : protection injection
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 42/219: SQL : protection injection
Date: Mon, 18 Dec 2017 13:22:34 -0500 (EST)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 5d8289e2c0563e7cf7595d2c97d3261bd0b9d9b9
Author: Dany De Bontridder <address@hidden>
Date: Mon Sep 11 19:01:26 2017 +0200
SQL : protection injection
---
include/class/anc_plan.class.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/class/anc_plan.class.php b/include/class/anc_plan.class.php
index 78b5715..e3c85d6 100644
--- a/include/class/anc_plan.class.php
+++ b/include/class/anc_plan.class.php
@@ -66,8 +66,8 @@ class Anc_Plan
{
if ( $this->id==0) return;
- $sql="select pa_name,pa_description from plan_analytique where
pa_id=".$this->id;
- $ret= $this->db->exec_sql($sql);
+ $sql="select pa_name,pa_description from plan_analytique where
pa_id=$1";
+ $ret= $this->db->exec_sql($sql,array($this->id));
if ( Database::num_row($ret) == 0)
{
return;
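Review bot: The only check on `$this->id` before the query is the context line `if ( $this->id==0) return;`, a loose comparison that a value which is not a plain integer can still pass. With the `$1` placeholder and `array($this->id)` that value is now bound as data and can no longer change the statement, which is the right fix, but it is still handed to `exec_sql` unvalidated and the type mismatch on `pa_id` is left for the database to reject. I would validate or cast the id to an integer where it is assigned, or just before this query, so a bad value returns early like the `==0` case instead of surfacing as a query error. The diffstat shows only these two lines changed in `anc_plan.class.php`, so it is also worth confirming that no other query in `Anc_Plan` still concatenates `$this->id` into its SQL string.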