[AppDB] Fix to allow creating of new accounts (urgent)
burnus at gmx.de
Wed Jan 5 12:10:11 CST 2005
tony_lambregts at telusplanet.net wrote:
>>> - "'$realname', '$email', NOW(), 0, 0)");
>>> + "'$realname', '$email', NOW(), 0, 0,
>> Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is
>> it ensured elsewhere that no unwanted characters are in the string? (
>> ' is escaped in PHP, isn't it?)
> This is a not a security patch...
True, but shouldn't one try to be secure if one needs to touch such lines?
More information about the wine-devel