sql injection fix - ported back to trunk from branches/2.3 ...

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1326 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
David Goodwin 13 years ago
parent 51ddbd2f2e
commit 1a9104cab4

@ -123,11 +123,9 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
{
while ($row = db_assoc ($result['result']))
{
foreach ($row as $key=>$val)
{
$fields[] = $key;
$values[] = $val;
}
$fields = array_keys($row);
$values = array_values($row);
$values = array_map('escape_string', $values);
fwrite ($fh, "INSERT INTO ". $tables[$i] . " (". implode (',',$fields) . ") VALUES ('" . implode ('\',\'',$values) . "');\n");
$fields = "";

Loading…
Cancel
Save