Removed redundant mysqli_real_escape_string #290

This commit is contained in:
Tobias Reich 2015-01-23 22:02:22 +01:00
parent 2024ccaf39
commit 5d5f86307e

View File

@ -54,8 +54,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
$plugins = new Plugins($plugins, $database, $settings); $plugins = new Plugins($plugins, $database, $settings);
# Escape # Escape
foreach(array_keys($_POST) as $key) $_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key])); foreach(array_keys($_POST) as $key) $_POST[$key] = urldecode($_POST[$key]);
foreach(array_keys($_GET) as $key) $_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key])); foreach(array_keys($_GET) as $key) $_GET[$key] = urldecode($_GET[$key]);
# Validate parameters # Validate parameters
if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1) exit('Error: Wrong parameter type for albumIDs!'); if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1) exit('Error: Wrong parameter type for albumIDs!');