Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/server_variables.php
diff options
context:
space:
mode:
authorTyron Madlener <tyronx@gmail.com>2011-06-19 14:28:18 +0400
committerTyron Madlener <tyronx@gmail.com>2011-06-19 14:28:18 +0400
commit4ee08ac03d5cb054b462ee080bc81790bd5e2f77 (patch)
tree0389ac280cfffc9facf70223495b9976e92b1c2a /server_variables.php
parent91458b66fd499b0a093f51bda0d491efd3d254c8 (diff)
no ajax variable escaping
Diffstat (limited to 'server_variables.php')
-rw-r--r--server_variables.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/server_variables.php b/server_variables.php
index 1750dd561c..273d07a997 100644
--- a/server_variables.php
+++ b/server_variables.php
@@ -37,13 +37,13 @@ if (isset($_REQUEST['ajax_request']) && $_REQUEST['ajax_request'] == true) {
if(isset($_REQUEST['type'])) {
switch($_REQUEST['type']) {
case 'getval':
- $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.mysql_real_escape_string($_REQUEST['varName']).'";','NUM');
+ $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.$_REQUEST['varName'].'";','NUM');
exit($varValue[1]);
break;
case 'setval':
- if(PMA_DBI_query('SET GLOBAL '.mysql_real_escape_string($_REQUEST['varName']).' = \''.mysql_real_escape_string($_REQUEST['varValue']).'\''))
+ if(PMA_DBI_query('SET GLOBAL '.$_REQUEST['varName'].' = \''.$_REQUEST['varValue'].'\''))
// Some values are rounded down etc.
- $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.mysql_real_escape_string($_REQUEST['varName']).'";','NUM');
+ $varValue = PMA_DBI_fetch_single_row('SHOW GLOBAL VARIABLES WHERE Variable_name="'.$_REQUEST['varName'].'";','NUM');
exit(json_encode(array(
'success' => true,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 19:14:30 +0300