| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 15:51:31 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 15:51:31 +0000 |
| commit | 6c2e3922b1718e462fb5a0f5e83b5fc1f3a83d4a (patch) | |
| tree | 522fb015042ae01c631b481f0bc6ad3a910cbc3f /phpBB/login.php | |
| parent | f5afff4c5531aa9981e21cdac7fc4702345d96fa (diff) | |
Hopefully this addresses the \' and '' problems with MSSQL, etc. ... I'd like opinions on the security of doing this.
git-svn-id: file:///svn/phpbb/trunk@1661 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/login.php')
| -rw-r--r-- | phpBB/login.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/login.php b/phpBB/login.php index 3f9645a1e8..110a822802 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -49,7 +49,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ $sql = "SELECT user_id, username, user_password, user_active, user_level FROM ".USERS_TABLE." - WHERE username = '$username'"; + WHERE username = '" . str_replace("\'", "''", $username) . "'"; $result = $db->sql_query($sql); if(!$result) { |
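Review bot: the `str_replace("\'", "''", $username)` in the WHERE clause only matches the two-character sequence backslash-quote, so it is correct only if `$username` has already had slashes added before this line, which the hunk does not show. A single quote that reaches this point without a preceding backslash is passed into the query unchanged and still closes the string literal. Suggest normalising first and then doubling every quote, for example `str_replace("'", "''", stripslashes($username))` when the value is known to be slashed, or moving the escaping into the `$db` layer so each backend applies its own quoting rule instead of login.php hard-coding one. Also worth checking: a backslash in the username that was itself slash-escaped stays doubled after this replacement, so on a backend that treats backslash as a literal character the lookup will not match the stored name.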
