diff options
| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
| commit | 6baf1bdda009c10acadac93035e38d2c431ca324 (patch) | |
| tree | 23b4b96974ed388574da5560a7b51588b9ee3941 /frontends/php/include/bulkloader.inc.php | |
| parent | bf94a21c0a8d09d4da1f0c8ee0fe851a0053c6b2 (diff) | |
| download | zabbix-6baf1bdda009c10acadac93035e38d2c431ca324.tar.gz zabbix-6baf1bdda009c10acadac93035e38d2c431ca324.tar.xz zabbix-6baf1bdda009c10acadac93035e38d2c431ca324.zip | |
- GUI made immune to SQL injection attacks (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@2600 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include/bulkloader.inc.php')
| -rw-r--r-- | frontends/php/include/bulkloader.inc.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/frontends/php/include/bulkloader.inc.php b/frontends/php/include/bulkloader.inc.php index c03be61b..7ef22239 100644 --- a/frontends/php/include/bulkloader.inc.php +++ b/frontends/php/include/bulkloader.inc.php @@ -28,14 +28,14 @@ include_once "include/config.inc.php"; // Returns: 0 if unable to create, otherwise it returns the groupID function create_Host_Group($group) { - $result=DBselect("select distinct(groupid) from groups where name='$group'"); + $result=DBselect("select distinct(groupid) from groups where name='".zbx_ads($group)."'"); if(DBnum_rows($result)>0) { $row=DBfetch($result); return $row["groupid"]; } - $result=DBexecute("insert into groups (name) values ('$group')"); + $result=DBexecute("insert into groups (name) values ('".zbx_ads($group)."')"); if($result) { return DBinsert_id($result,"groups","name"); |