Commit bf1723f2 authored by Dustri's avatar Dustri

Fix two sqli

parent 1c99512b
......@@ -228,7 +228,9 @@ if ( !$wiki->is_valid() )
$req = new requete($site->db,"SELECT asso.id_asso FROM asso
LEFT JOIN asso AS asso_parent ON asso.id_asso_parent=asso_parent.id_asso
WHERE CONCAT(asso_parent.nom_unix_asso,':',asso.nom_unix_asso)='".$castor[0].":".$castor[1]."'
WHERE CONCAT(asso_parent.nom_unix_asso,':',asso.nom_unix_asso)='".
mysql_real_escape_string($castor[0]).":".
mysql_real_escape_string($castor[1])."'
AND asso.id_asso_parent <> '1'");
if ( $req->lines == 1 )
......@@ -362,7 +364,9 @@ $castor = explode(":",$pagepath);
$req = new requete($site->db,"SELECT asso.id_asso FROM asso
LEFT JOIN asso AS asso_parent ON asso.id_asso_parent=asso_parent.id_asso
WHERE CONCAT(asso_parent.nom_unix_asso,':',asso.nom_unix_asso)='".$castor[0].":".$castor[1]."'
WHERE CONCAT(asso_parent.nom_unix_asso,':',asso.nom_unix_asso)='".
mysql_real_escape_string($castor[0]).":".
mysql_real_escape_string($castor[1])."'
AND asso.id_asso_parent <> '1'");
if ( $req->lines == 1 )
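Review bot: Both hunks call `mysql_real_escape_string()` without a link argument, so the escaping uses whichever ext/mysql connection was opened last (and its character set), which is not necessarily the one `$site->db` runs the query on. If no connection is open, the function returns false and the value collapses to an empty string. Pass the handle explicitly, e.g. `mysql_real_escape_string($castor[0], $link)`, where `$link` is a placeholder for the connection behind `$site->db`; if `requete` offers bound parameters, prefer those over string concatenation. The second hunk's header shows `$castor = explode(":",$pagepath)`, so `$castor[1]` is unset when the path has no colon, and a guard such as `if (count($castor) < 2)` before the query would keep an undefined index out of the SQL. The same `CONCAT(...)='...'` pattern is patched twice here, so it is worth searching the rest of the file for further copies that this commit does not show.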
......