Tobias Burnus wrote:
Hello,

[EMAIL PROTECTED] wrote:

- "'$realname', '$email', NOW(), 0, 0)");
+ "'$realname', '$email', NOW(), 0, 0, '$CVSrelease')");
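Review bot: the new '$CVSrelease' value on the added line is interpolated straight into the SQL string, the same way '$realname' and '$email' already are, and nothing in the visible lines shows it being escaped or validated first. Since the line is being touched anyway, either escape each value at the point of use (mysql_real_escape_string() is the connection-aware variant of the mysql_escape_string() mentioned in this thread) or, better, move this INSERT to a prepared statement with bound parameters so that quoting no longer depends on the caller. The hunk also lengthens the VALUES list by one, so the column list or table definition, which is not visible here, has to gain the matching column in the same change.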


Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is it ensured elsewhere that no unwanted characters are in the string? ( ' is escaped in PHP, isn't it?)

This is not a security patch...


True, but shouldn't one try to be secure if one needs to touch such lines?

Tobias



I admit it, I am an idiot for not knowing what to do to fix security flaws.




