diff options
author | Rouslan Placella <rouslan@placella.com> | 2011-06-20 15:50:29 +0400 |
---|---|---|
committer | Rouslan Placella <rouslan@placella.com> | 2011-06-20 15:50:29 +0400 |
commit | 0ae05939011d842c0b612a61eba97393f9a0ca61 (patch) | |
tree | 50afca0a9f2be5a7c2d1534eb8dc118e9d637608 /db_routines.php | |
parent | ae55e9b8f8ca0d7d3f65b7d9945a726738826ce1 (diff) |
Fixed incorrect escaping of some query parameters
Diffstat (limited to 'db_routines.php')
-rw-r--r-- | db_routines.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/db_routines.php b/db_routines.php index 409d4d991b..1d9523ecd3 100644 --- a/db_routines.php +++ b/db_routines.php @@ -340,7 +340,7 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name'])) $extra_data = array(); if ($message->isSuccess()) { $columns = "`SPECIFIC_NAME`, `ROUTINE_NAME`, `ROUTINE_TYPE`, `DTD_IDENTIFIER`, `ROUTINE_DEFINITION`"; - $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db,true) . "' AND ROUTINE_NAME='" . PMA_sqlAddslashes($_REQUEST['routine_name'],true) . "'"; + $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' AND ROUTINE_NAME='" . PMA_sqlAddslashes($_REQUEST['routine_name']) . "'"; $routine = PMA_DBI_fetch_single_row("SELECT $columns FROM `INFORMATION_SCHEMA`.`ROUTINES` WHERE $where;"); $extra_data['name'] = htmlspecialchars(strtoupper($_REQUEST['routine_name'])); $extra_data['new_row'] = PMA_RTN_getRowForRoutinesList($routine, 0, true); |