diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 15:51:31 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 15:51:31 +0000 |
| commit | 6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a (patch) | |
| tree | 522fb015042ae01c631b481f0bc6ad3a910cbc3f /phpBB/groupcp.php | |
| parent | f5afff4c5531aa9981e21cdac7fc4702345d96fa (diff) | |
| download | forums-6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a.tar forums-6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a.tar.gz forums-6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a.tar.bz2 forums-6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a.tar.xz forums-6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a.zip | |
Hopefully this addresses the \' and '' problems with MSSQL, etc. ... I'd like opinions on the security of doing this.
git-svn-id: file:///svn/phpbb/trunk@1661 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/groupcp.php')
| -rw-r--r-- | phpBB/groupcp.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php index 0789834749..4e9b41fea2 100644 --- a/phpBB/groupcp.php +++ b/phpBB/groupcp.php @@ -316,7 +316,7 @@ else if( $group_id ) $sql = "SELECT user_id, user_email FROM " . USERS_TABLE . " - WHERE username = '$username'"; + WHERE username = '" . str_replace("\'", "''", $username) . "'"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql); |