aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_comment.inc.php
diff options
context:
space:
mode:
authorEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
committerEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
commit1235bab5276f8c56ed6ba9cff46563c143c3e240 (patch)
tree653723f35e14bcee66eeb6bad049c3b106444040 /include/functions_comment.inc.php
parent8a299654501db00316a56efda76448a6bb3975e1 (diff)
Escape all login and username characters in database
Display correctly usernames (I hope not to have made mistakes) git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_comment.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index e7fbec7b7..aff7b9a35 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos )
$query = '
SELECT COUNT(*) AS user_exists
FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
+ WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
$row = mysql_fetch_assoc( pwg_query( $query ) );
if ( $row['user_exists'] == 1 )
{