diff options
author | Tyron Madlener <tyronx@gmail.com> | 2011-06-19 14:28:18 +0400 |
---|---|---|
committer | Tyron Madlener <tyronx@gmail.com> | 2011-06-19 14:28:18 +0400 |
commit | 4ee08ac03d5cb054b462ee080bc81790bd5e2f77 (patch) | |
tree | 0389ac280cfffc9facf70223495b9976e92b1c2a /server_variables.php | |
parent | 91458b66fd499b0a093f51bda0d491efd3d254c8 (diff) |
no ajax variable escaping
Diffstat (limited to 'server_variables.php')
-rw-r--r-- | server_variables.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/server_variables.php b/server_variables.php index 1750dd561c..273d07a997 100644 --- a/server_variables.php +++ b/server_variables.php @@ -37,13 +37,13 @@ if (isset($_REQUEST['ajax_request']) && $_REQUEST['ajax_request'] == true) { if(isset($_REQUEST['type'])) { switch($_REQUEST['type']) { case 'getval': - $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.mysql_real_escape_string($_REQUEST['varName']).'";','NUM'); + $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.$_REQUEST['varName'].'";','NUM'); exit($varValue[1]); break; case 'setval': - if(PMA_DBI_query('SET GLOBAL '.mysql_real_escape_string($_REQUEST['varName']).' = \''.mysql_real_escape_string($_REQUEST['varValue']).'\'')) + if(PMA_DBI_query('SET GLOBAL '.$_REQUEST['varName'].' = \''.$_REQUEST['varValue'].'\'')) // Some values are rounded down etc. - $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.mysql_real_escape_string($_REQUEST['varName']).'";','NUM'); + $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.$_REQUEST['varName'].'";','NUM'); exit(json_encode(array( 'success' => true, |