| author | Star Rauchenberger <fefferburbia@gmail.com> | 2024-01-08 20:31:32 +0000 |
|---|---|---|
| committer | Star Rauchenberger <fefferburbia@gmail.com> | 2024-01-08 20:31:32 +0000 |
| commit | 5b892eafafb1f41bab1a20f1524cef144042e3e1 (patch) | |
| tree | 69d3c6eb5439d02a44fefa3af3dac6e13901a7d0 /comic.php | |
| parent | e0eb4e7dd88789432b50260276bfd06242a8ebf6 (diff) | |
| download | pillowcase-5b892eafafb1f41bab1a20f1524cef144042e3e1.tar.gz pillowcase-5b892eafafb1f41bab1a20f1524cef144042e3e1.tar.bz2 pillowcase-5b892eafafb1f41bab1a20f1524cef144042e3e1.zip | |
sql injection prevention
Diffstat (limited to 'comic.php')
| -rwxr-xr-x | comic.php | 2 |
1 files changed, 1 insertions, 1 deletions
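--- a/comic.php
+++ b/comic.php
@@ -8,7 +8,7 @@ if (!isset($_GET['id']))
 exit;
 }
 
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . $_GET['id'] . ".png\"";
+$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
 $getcomic2 = mysql_query($getcomic);
 $getcomic3 = mysql_fetch_array($getcomic2);
 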
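Review bot: The escaping added on new line 11 uses `mysqli_real_escape_string($mysql_conn, ...)` from the mysqli extension, while lines 12-13 still run the query through the legacy `mysql_query`/`mysql_fetch_array` API. How `$mysql_conn` is opened is not visible in this hunk; if it is a `mysql_connect` resource rather than a mysqli object, the call would be expected to emit a warning and return NULL, so the lookup silently becomes `filename = ".png"`. Keeping one API family avoids that, e.g. `mysql_real_escape_string($_GET['id'], $mysql_conn)`, or preferably move the whole lookup to a mysqli/PDO prepared statement so the id is bound rather than concatenated into the SQL string. The result of `mysql_query` is also handed to `mysql_fetch_array` without checking for `false`, so a failed query surfaces only as a warning further down.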
