Diffstat (limited to 'php/Attic/examples/sample-sp/admin_user.php')
-rw-r--r--php/Attic/examples/sample-sp/admin_user.php17
1 files changed, 8 insertions, 9 deletions
diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php
index 6893ad72..4c219432 100644
--- a/php/Attic/examples/sample-sp/admin_user.php
+++ b/php/Attic/examples/sample-sp/admin_user.php
@@ -33,7 +33,7 @@
die($db->getMessage());
if (!empty($_GET['dump'])) {
- $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+ $query = "SELECT identity_dump FROM users WHERE user_id='".$db->quoteSmart($_GET['dump']);
$res =& $db->query($query);
if (DB::isError($res))
print $res->getMessage(). "\n";
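Review bot: The new SELECT line keeps the opening `'` from the old concatenation in front of `$db->quoteSmart(...)`. PEAR DB's `quoteSmart()` already returns a string value escaped and wrapped in quotes, so the statement now carries an unbalanced quote and should fail to parse for any `dump` value. Drop the literal quote: `$query = "SELECT identity_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The `DELETE FROM users` line in the second hunk has the same leftover quote, while the `DELETE FROM nameidentifiers` line is written correctly. Request values can also arrive as arrays (`?dump[]=x`), so an `is_string()` check before building the query would be worth adding.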
@@ -64,21 +64,20 @@
exit;
}
- if (!empty($_GET['del'])) {
+ if (!empty($_GET['del']))
+ {
- $query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
$res =& $db->query($query);
if (DB::isError($res))
- print $res->getMessage(). "\n";
+ die($res->getMessage());
- $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM users WHERE user_id='".$db->quoteSmart($_GET['del']);
$res =& $db->query($query);
if (DB::isError($res))
- print $res->getMessage(). "\n";
-
- }
+ die($res->getMessage());
+ }
-
$query = "SELECT * FROM users";
$res =& $db->query($query);
if (DB::isError($res))
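Review bot: Switching both error paths in the `del` branch to `die($res->getMessage())` sends the raw driver message to the browser, and on this kind of page that message typically contains the failing SQL and schema names. Log it server-side and show a generic message instead, e.g. `error_log($res->getMessage()); die('Database error');`. The two DELETEs are also not atomic: if the second one fails, the script now stops after the `nameidentifiers` rows are already gone and the `users` row remains, so the pair should be wrapped in a transaction where the backend supports one. Separately, the deletion is triggered by a plain `$_GET['del']` parameter; no authentication or anti-CSRF check is visible in this hunk, so confirm one exists above it and consider requiring POST for this action.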