archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- change mysql_escape_string function (deprecated) by mysql_real_escape_string.

Browse source 
- Correction on install.tpl (link color).

git-svn-id: http://piwigo.org/svn/trunk@2752 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
patdenice 2008-10-15 20:56:23 +00:00
commit eb667c7711
7 changed files with 8 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/functions_user.inc.php
View file

@ -115,7 +115,7 @@ SELECT MAX('.$conf['user_fields']['id'].') + 1
$insert =
array(
$conf['user_fields']['id'] => $next_id,
$conf['user_fields']['username'] => mysql_escape_string($login),
$conf['user_fields']['username'] => mysql_real_escape_string($login),
$conf['user_fields']['password'] => $conf['pass_convert']($password),
$conf['user_fields']['email'] => $mail_address
);
@ -716,7 +716,7 @@ function get_userid($username)
{
global $conf;
$username = mysql_escape_string($username);
$username = mysql_real_escape_string($username);
$query = '
SELECT '.$conf['user_fields']['id'].'