[AppDB] Fix to allow creating of new accounts (urgent)
Tobias Burnus
burnus at gmx.de
Wed Jan 5 10:46:29 CST 2005
Hello,
> $result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 0, ".
> "'$username', password('$password'), ".
> - "'$realname', '$email', NOW(), 0, 0)");
> + "'$realname', '$email', NOW(), 0, 0, '$CVSrelease')");
Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is
it ensured elsewhere that no unwanted characters are in the string? ( '
is escaped in PHP, isn't it?)
Tobias
More information about the wine-devel
mailing list