[AppDB] Fix to allow creating of new accounts (urgent)
tony_lambregts at telusplanet.net
tony_lambregts at telusplanet.net
Wed Jan 5 11:21:28 CST 2005
Tobias Burnus wrote:
> Hello,
>
>> $result = mysql_query("INSERT INTO user_list VALUES ( NOW(),
>> 0, ".
>> "'$username', password('$password'), ".
>> - "'$realname', '$email', NOW(), 0, 0)");
>> + "'$realname', '$email', NOW(), 0, 0,
>> '$CVSrelease')");
>
> Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is
> it ensured elsewhere that no unwanted characters are in the string? ( '
> is escaped in PHP, isn't it?)
>
> Tobias
>
>
>
This is a not a security patch...
More information about the wine-devel
mailing list