From 0abfa7d0c8bac90e291cf7664a0302aa286f716d Mon Sep 17 00:00:00 2001
From: Christophe Nowicki
Date: Fri, 10 Sep 2004 15:17:36 +0000
Subject: Use header("Location: $url\n\n") instead of header("Location: $url") Secure every SQL query with the quoteSmart methode. Completely rewrite singleSignOn.php, now the code is more easy to understand and more clean.
---
 php/Attic/examples/sample-sp/register.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'php/Attic/examples/sample-sp/register.php')
diff --git a/php/Attic/examples/sample-sp/register.php b/php/Attic/examples/sample-sp/register.php
index 7e61d4f7..317c3460 100644
--- a/php/Attic/examples/sample-sp/register.php
+++ b/php/Attic/examples/sample-sp/register.php
@@ -43,7 +43,11 @@ if (DB::isError($db)) die($db->getMessage());
- $query = "UPDATE users SET first_name='" . $_POST['first_name'] . "',last_name='". $_POST['last_name'] ."' WHERE user_id='".$_SESSION["user_id"]."'";
+ // Update User info
+ $query = "UPDATE users SET first_name=" . $db->quoteSmart($_POST['first_name']);
+ $query .= ",last_name=" . $db->quoteSmart($_POST['last_name']);
+ $query .= " WHERE user_id='".$_SESSION["user_id"]."'";
+ $res =& $db->query($query);
 if (DB::isError($res)) print $res->getMessage(). "\n";
@@ -51,8 +55,8 @@ $url = "index.php";
 header("Request-URI: $url");
 header("Content-Location: $url");
- header("Location: $url");
- break;
+ header("Location: $url\n\n");
+ exit();
 default: ?>
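Review bot: The WHERE clause in the `@@ -43,7 +43,11 @@` hunk still splices `$_SESSION["user_id"]` into the statement between hand-written quotes, so the query is only partly covered by the quoting this commit introduces. Where the session value is set is not visible here; if it ever derives from request or identity-provider data, this remains an injection point. Quote it the same way as the two name fields: `$query .= " WHERE user_id=" . $db->quoteSmart($_SESSION["user_id"]);`. Separately, `$_POST['first_name']` and `$_POST['last_name']` are read without checking that they are present, and `print $res->getMessage()` sends database error text to the client ahead of the redirect headers in the next hunk. The enclosing block starts and ends outside the hunk.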
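Review bot: The `"\n\n"` appended to the Location value in the `@@ -51,8 +55,8 @@` hunk puts raw line breaks inside a header string, which is the shape of a response-splitting bug and which later PHP releases reject outright (header() refuses a value containing a newline, so the redirect would not be sent). `$url` is the constant `"index.php"` here, so nothing is injectable today, but the newlines add nothing: the `exit()` that replaces `break` is what stops further output. Suggest `header("Location: $url");` followed by `exit();`. The surrounding switch begins outside the hunk.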