github.com/phpmyadmin/phpmyadmin.git
author Deven Bansod <devenbansod.bits@gmail.com> 2016-10-29 08:15:12 +0300
committer Deven Bansod <devenbansod.bits@gmail.com> 2016-10-29 08:15:12 +0300
commit f14cffdbe700a80b2b1e49f51da8867ac6246a6e (patch)
tree 704ca52377c76ec1fcc1ea2f70d0ec82c2381a95 /db_tracking.php
parent 2fbf09ba2d7b8e75744b4cac2a7325bc68da126a (diff)
Properly escape strings in MySQL statement values
Use *_real_escape string functions provided by connectors to escape strings while exporting

Fix #12453

Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>

Conflicts:
libraries/server_privileges.lib.php
Diffstat (limited to 'db_tracking.php')
-rw-r--r-- db_tracking.php 2
1 files changed, 1 insertions, 1 deletions
diff --git a/db_tracking.php b/db_tracking.php
index ad072fca44..c8f78379dd 100644
--- a/db_tracking.php
+++ b/db_tracking.php
@@ -114,7 +114,7 @@ $cfgRelation = PMA_getRelationsParam();
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
PMA\libraries\Util::backquote($cfgRelation['db']) . '.' .
PMA\libraries\Util::backquote($cfgRelation['tracking']) .
- ' WHERE db_name = \'' . PMA\libraries\Util::sqlAddSlashes($_REQUEST['db']) .
+ ' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['db']) .
'\' ' .
' GROUP BY table_name' .
' ORDER BY table_name ASC';
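Review bot: on the changed `WHERE db_name = '...'` line, `$_REQUEST['db']` goes straight into `$GLOBALS['dbi']->escapeString()` with no check that it is set and is a string, so a missing or array-valued `db` parameter reaches the escaping call unvalidated; validate it once before the query is built and reuse the validated value. Also, `escapeString()` is called without naming a connection while the query targets the `$cfgRelation['db']` storage table. Connector-level escaping depends on the character set of the connection it runs against, so please confirm this is the same connection the query is executed on, or pass that connection explicitly if the method allows it. The value is still concatenated between hand-written `\'` quotes, which keeps the safety of this statement dependent on the quoting and the escaping staying paired in every later edit; a short comment here saying so would help.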