removed $db->quote and used prepared statement

This commit is contained in:
Frank Dillon 2006-05-22 23:02:00 +00:00
parent 755922fb57
commit f34f3c95bd


@ -2167,7 +2167,7 @@ sub www_addEventsToBadge {
my $bid = $self->session->form->process('bid') || 'none';
my $eventId = $self->session->form->process('eventId');
unless ($bid eq 'none') {
my ($userId,$createdByUserId) = $self->session->db->quickArray("select userId, createdByUserId from EventManagementSystem_badges where badgeId=".quote($bid));
my ($userId,$createdByUserId) = $self->session->db->quickArray("select userId, createdByUserId from EventManagementSystem_badges where badgeId=?",[$bid]);
unless($isAdmin || $userId eq $self->session->user->userId || $createdByUserId eq $self->session->user->userId) {
return $self->session->privilege->insufficient();
}
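Review bot: The placeholder query on the new line leaves the no-match case unhandled: when no row has that badgeId, `quickArray` returns an empty list, so `$userId` and `$createdByUserId` are undef and the `eq` comparisons on the following line only deny access by accident, emitting "uninitialized value" warnings under `use warnings`. An explicit guard between the query and the ownership check, `return $self->session->privilege->insufficient() unless defined $userId;`, makes the deny path deliberate and keeps the log clean (or return a not-found response if the module has one, which I cannot tell from the hunk). The `$isAdmin` flag used in that check is set outside this hunk, and `www_addEventsToBadge` itself starts and ends outside it, so the fate of `$eventId` on the second line is not visible here.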