Skip to content
Snippets Groups Projects
Commit baf5dda4 authored by Sergio's avatar Sergio
Browse files

fix escaping in sql query

parent 9ec3045a
No related branches found
No related tags found
1 merge request!107Hide used domains
Hide whitespace changes
Inline Side-by-side
interface/lib/classes/tools_sites.inc.php
+ 2
2
View file @ baf5dda4
...@@ -156,7 +156,7 @@ class tools_sites { ...@@ -156,7 +156,7 @@ class tools_sites {
$field = "domain"; $field = "domain";
$select = $field; $select = $field;
} }
$sql .= " domain NOT IN (SELECT $select FROM $not_used_in_table WHERE $field != '$selected_domain') AND"; $sql .= " domain NOT IN (SELECT $select FROM ?? WHERE $field != ?) AND";
} }
if ($_SESSION["s"]["user"]["typ"] == 'admin') { if ($_SESSION["s"]["user"]["typ"] == 'admin') {
$sql .= " 1"; $sql .= " 1";
...@@ -165,7 +165,7 @@ class tools_sites { ...@@ -165,7 +165,7 @@ class tools_sites {
$sql .= " sys_groupid IN (".$groups.")"; $sql .= " sys_groupid IN (".$groups.")";
} }
$sql .= " ORDER BY domain"; $sql .= " ORDER BY domain";
return $app->db->queryAllRecords($sql); return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
} }
function checkDomainModuleDomain($domain_id) { function checkDomainModuleDomain($domain_id) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment