Project

General

Profile

« Previous | Next » 

Revision 1416

Added by Luisehahne almost 15 years ago

fixed unsafe sql queries

View differences:

index.php
227 227 
                {
228 228 
                    $sql = 'SELECT `publ_start`, `publ_end` FROM `'.TABLE_PREFIX.'sections` ';
229 229 
                    $sql .= 'WHERE `page_id` = '.$page['page_id'].' AND `module` != \'menu_link\' ';
230 
                    $query_sections = $database->query($sql);
231 

  		




  232
  230
  
    
					// $query_sections = $database->query("SELECT publ_start, publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '{$page['page_id']}' AND module != 'menu_link'");


  		




  233
  
  
    

  		




  234
  
  
    
					if (isset($query_sections) && $query_sections->numRows() > 0)


  		




  
  231
  
    
					if( ($query_sections = $database->query($sql)) )


  		




  235
  232
  
    
                    {


  		




  236
  233
  
    
						$mdate_display=false;


  		




  237
  234
  
    
						while($mdate_res = $query_sections->fetchRow())


  		












Also available in:  Unified diff