[AppDB] Fix to allow creating of new accounts (urgent)

tony_lambregts at telusplanet.net tony_lambregts at telusplanet.net
Wed Jan 5 20:17:47 CST 2005


Tobias Burnus wrote:
> Hello,
> 
> tony_lambregts at telusplanet.net wrote:
> 
>>>> -                              "'$realname', '$email', NOW(), 0, 0)");
>>>> +                              "'$realname', '$email', NOW(), 0, 0, 
>>>> '$CVSrelease')");
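Review bot: On the added line, '$CVSrelease' is placed into the VALUES list by plain string interpolation, exactly as '$realname' and '$email' already are, so a quote character inside any of these values would end its string literal early and change the statement. Since this line is being modified anyway, build each value through the escaping call raised in the thread, for example "'".mysql_escape_string($CVSrelease)."'", or state in the patch description where these variables are sanitized before they reach this query.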
>>>
>>>
>>> Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or 
>>> is it ensured elsewhere that no unwanted characters are in the 
>>> string? ( ' is escaped in PHP, isn't it?)
>>
>> This is not a security patch...
> 
> 
> True, but shouldn't one try to be secure if one needs to touch such lines?
> 
> Tobias
> 
> 
> 
I admit it, I am an idiot for not knowing what to do to fix security flaws.




