projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security statements update against sql injection attacks.
[fa-stable.git]
/
admin
/
print_profiles.php
diff --git
a/admin/print_profiles.php
b/admin/print_profiles.php
index 8052a38af560843851dced86a3a232151e224376..2cdb011b2baf8ae1d6a88ae0416895da5d538ddb 100644
(file)
--- a/
admin/print_profiles.php
+++ b/
admin/print_profiles.php
@@
-77,7
+77,7
@@
function check_delete($name)
{
// check if selected profile is used by any user
if ($name=='') return 0; // cannot delete system default profile
{
// check if selected profile is used by any user
if ($name=='') return 0; // cannot delete system default profile
- $sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile=
'$name'"
;
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile=
".db_escape($name)
;
$res = db_query($sql,'cannot check printing profile usage');
return db_num_rows($res);
}
$res = db_query($sql,'cannot check printing profile usage');
return db_num_rows($res);
}