projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Additional security fixes in sql statements.
[fa-stable.git]
/
gl
/
manage
/
exchange_rates.php
diff --git
a/gl/manage/exchange_rates.php
b/gl/manage/exchange_rates.php
index e7a7f574cfa92f7a39072add3c6f0d5705e8cb76..0127b40be7fa6212bd3b7ff8aaac7aacc98a470e 100644
(file)
--- a/
gl/manage/exchange_rates.php
+++ b/
gl/manage/exchange_rates.php
@@
-186,7
+186,7
@@
set_global_curr_code($_POST['curr_abrev']);
$sql = "SELECT date_, rate_buy, id FROM "
.TB_PREF."exchange_rates "
- ."WHERE curr_code=
'".$_POST['curr_abrev']."'
+ ."WHERE curr_code=
".db_escape($_POST['curr_abrev'])."
ORDER BY date_ DESC";
$cols = array(
projects / fa-stable.git / blobdiff