From fe252a54fdc1be0547e53291fca8b9dec29c4f15 Mon Sep 17 00:00:00 2001 From: natec <natec@users.sourceforge.net> Date: Sat, 15 Sep 2001 22:11:20 +0000 Subject: Fixed a situation where we weren't escaping sql special chars. git-svn-id: file:///svn/phpbb/trunk@1041 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/posting.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/posting.php b/phpBB/posting.php index eac19e3014..f084d37780 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -85,6 +85,7 @@ else $topic_id = ""; } + // // Was cancel pressed? If so then redirect to the appropriate // page, no point in continuing with any further checks @@ -629,7 +630,7 @@ if( ( $submit || $confirm ) && !$error ) if( $mode == "newtopic" ) { $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) - VALUES ('$subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)"; + VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)"; if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) ) { -- cgit v1.2.1
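Review bot: The INSERT in the `newtopic` branch still interpolates `$forum_id`, `$topic_type` and `$topic_vote` as unquoted numbers, so quote-escaping would not protect those positions if any of them can arrive from the request without an integer cast; the hunk does not show where they are set. Casting immediately before the query, e.g. `$forum_id = intval($forum_id);` (and likewise for `$topic_type` and `$topic_vote`), would make the statement safe regardless of earlier code. The switch to `$post_subject` also relies on that variable having been escaped somewhere above line 630, which is outside the hunk, so a short comment such as `// $post_subject is the SQL-escaped form of $subject; never use $subject in queries` would keep a later edit from reintroducing the raw value. The enclosing `if( ( $submit || $confirm ) && !$error )` block begins and ends outside the hunk.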