From 45cbf0c238e79e0a0754e9ad5b60cd233370b887 Mon Sep 17 00:00:00 2001
From: Tobias Reich
Date: Fri, 22 Aug 2014 23:04:59 +0200
Subject: [PATCH] Escape
---
 php/modules/Photo.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/php/modules/Photo.php b/php/modules/Photo.php
index a1055ef..06f6b79 100755
--- a/php/modules/Photo.php
+++ b/php/modules/Photo.php
@@ -215,6 +215,10 @@ class Photo extends Module {
 # Check dependencies
 self::dependencies(isset($this->database, $checksum));

+ # Escape
+ $checksum = mysqli_real_escape_string($this->database, $checksum);
+ if (isset($photoID)) $photoID = mysqli_real_escape_string($this->database, $photoID);
+
 # Exclude $photoID from select when $photoID is set
 if (isset($photoID)) $query = "SELECT id, url, thumbUrl FROM lychee_photos WHERE checksum = '$checksum' AND id <> '$photoID' LIMIT 1;";
 else $query = "SELECT id, url, thumbUrl FROM lychee_photos WHERE checksum = '$checksum' LIMIT 1;";
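Review bot: The two SELECT strings at the end of the hunk are still assembled by interpolation, so their safety rests on every value staying inside single quotes and on `mysqli_real_escape_string` seeing the connection's real character set, which is only reliable when the charset was set with `mysqli_set_charset()` (not visible here). Binding the values removes both conditions: `$stmt = $this->database->prepare("SELECT id, url, thumbUrl FROM lychee_photos WHERE checksum = ? AND id <> ? LIMIT 1");` followed by `$stmt->bind_param('ss', $checksum, $photoID);`, with the one-placeholder form for the `else` branch. The added lines also overwrite `$checksum` and `$photoID` with their SQL-escaped form, so any later use of those variables outside a query would see the escaped text. The function body continues past the hunk, so neither the query execution nor such later uses can be checked from here.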