Sanitize user input
This commit is contained in:
parent
08132587d1
commit
80aa44565b
|
@ -299,7 +299,7 @@ class OC_DB {
|
|||
// Die if we have an error (error means: bad query, not 0 results!)
|
||||
if( PEAR::isError($result)) {
|
||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$query.'<br />';
|
||||
$entry .= 'Offending command was: '.htmlentities($query).'<br />';
|
||||
OC_Log::write('core', $entry,OC_Log::FATAL);
|
||||
error_log('DB error: '.$entry);
|
||||
die( $entry );
|
||||
|
@ -309,7 +309,7 @@ class OC_DB {
|
|||
$result=self::$connection->prepare($query);
|
||||
}catch(PDOException $e) {
|
||||
$entry = 'DB Error: "'.$e->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$query.'<br />';
|
||||
$entry .= 'Offending command was: '.htmlentities($query).'<br />';
|
||||
OC_Log::write('core', $entry,OC_Log::FATAL);
|
||||
error_log('DB error: '.$entry);
|
||||
die( $entry );
|
||||
|
|
Loading…
Reference in New Issue