diff options
| author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-10 15:17:36 +0000 |
|---|---|---|
| committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-10 15:17:36 +0000 |
| commit | 0abfa7d0c8bac90e291cf7664a0302aa286f716d (patch) | |
| tree | 29495885f98dc1080fc426ef08792dd0caf739a6 /php/Attic/examples/sample-sp/register.php | |
| parent | 5be8519c1f44c4cbaecc659762bc5b23d36e2bfe (diff) | |
| download | lasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.tar.gz lasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.tar.xz lasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.zip | |
Use header("Location: $url\n\n") instead of header("Location: $url")
Secure every SQL query with the quoteSmart methode.
Completely rewrite singleSignOn.php, now the code is more easy to understand
and more clean.
Diffstat (limited to 'php/Attic/examples/sample-sp/register.php')
| -rw-r--r-- | php/Attic/examples/sample-sp/register.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/php/Attic/examples/sample-sp/register.php b/php/Attic/examples/sample-sp/register.php index 7e61d4f7..317c3460 100644 --- a/php/Attic/examples/sample-sp/register.php +++ b/php/Attic/examples/sample-sp/register.php @@ -43,7 +43,11 @@ if (DB::isError($db)) die($db->getMessage()); - $query = "UPDATE users SET first_name='" . $_POST['first_name'] . "',last_name='". $_POST['last_name'] ."' WHERE user_id='".$_SESSION["user_id"]."'"; + // Update User info + $query = "UPDATE users SET first_name=" . $db->quoteSmart($_POST['first_name']); + $query .= ",last_name=" . $db->quoteSmart($_POST['last_name']); + $query .= " WHERE user_id='".$_SESSION["user_id"]."'"; + $res =& $db->query($query); if (DB::isError($res)) print $res->getMessage(). "\n"; @@ -51,8 +55,8 @@ $url = "index.php"; header("Request-URI: $url"); header("Content-Location: $url"); - header("Location: $url"); - break; + header("Location: $url\n\n"); + exit(); default: ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" |