Changeset: 6e0aa8dfd402 https://sourceforge.net/p/mrbs/hg-code/ci/6e0aa8dfd402eac7ced710cfc7e4092167009229 Author: John Beranek <jbera...@users.sourceforge.net> Date: Sat Sep 17 13:29:14 2016 +0100 Log message:
Parameterised SQL in header
diffstat:
web/Themes/default/header.inc | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diffs (26 lines):
diff -r 31b95cb1598a -r 6e0aa8dfd402 web/Themes/default/header.inc
--- a/web/Themes/default/header.inc Sat Sep 17 12:57:14 2016 +0100
+++ b/web/Themes/default/header.inc Sat Sep 17 13:29:14 2016 +0100
@@ -151,6 +151,9 @@
 if ($approval_somewhere && (authGetUserLevel($user) >= 1))
 {
 $sql_approval_enabled = some_area_predicate('approval_enabled');
+
+ $sql_params = array();
+
 // Find out how many bookings are awaiting approval
 // (but only for areas where approval is required)
 $sql = "SELECT COUNT(*)
@@ -164,9 +167,10 @@
 if (!$is_admin)
 {
 // Ordinary users can only see their own
- $sql .= " AND create_by='" . sql_escape($user) . "'";
+ $sql .= " AND create_by=?";
+ $sql_params[] = $user;
 }
- $n_outstanding = sql_query1($sql);
+ $n_outstanding = sql_query1($sql, $sql_params);
 if ($n_outstanding < 0)
 {
 fatal_error(FALSE, get_vocab("fatal_db_error"));
------------------------------------------------------------------------------
_______________________________________________
Mrbs-commits mailing list
Mrbs-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
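Review bot: The positional placeholder introduced at `$sql .= " AND create_by=?";` makes correctness depend on `$sql_params` holding values in exactly the order the `?` markers appear across the whole statement, and the portion of `$sql` built between the two hunks is not visible here; if any of that portion still interpolates a value into the string the way `sql_escape($user)` did, it should be moved to a `?` with a matching `$sql_params[]` entry so the query is parameterised end to end. When `$is_admin` is true the call becomes `sql_query1($sql, array())`, which presumably is accepted by `sql_query1` as "no bind values" — worth confirming against its definition, since the existing `$n_outstanding < 0` check is the only error path. A one-line comment beside `$sql_params = array();` in the first hunk, `// positional bind values, appended in the same order as the ? placeholders in $sql`, would document that contract for the next maintainer. The enclosing `if ($approval_somewhere && ...)` block opens in the first hunk and closes outside the second.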