Merged revisions 49834 via svnmerge from

svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r49834 | ischommer | 2008-02-20 11:45:56 +1300 (Wed, 20 Feb 2008) | 1 line
  
  fixed sql-injection
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@49828 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2008-02-19 22:46:30 +00:00
parent b10974b553
commit 3f6afa2904


@ -107,7 +107,12 @@ JS;
function validate( $validate ) {
$result = DB::query( "SELECT COUNT(*) FROM " . $this->restrictedTable . " WHERE " . $this->restrictedField . " = '" . $this->value . "'" )->value();
$result = DB::query(sprintf(
"SELECT COUNT(*) FROM `%s` WHERE `%s` = '%s'",
$this->restrictedTable,
$this->restrictedField,
Convert::raw2sql($this->value)
))->value();
if( $result && ( $result > 0 ) ) {
$validator->validationError( $this->name, _t('Form.VALIDATIONNOTUNIQUE', "The value entered is not unique") );
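Review bot: The table and field names on the `sprintf` lines are still interpolated as-is: `$this->restrictedTable` and `$this->restrictedField` are placed inside backticks without escaping or validation, so only `$this->value` is covered by `Convert::raw2sql()`. Where these two properties are set is not visible here; if they are always developer-supplied constants that is acceptable, but a comment saying so, or a guard such as `preg_match('/^[A-Za-z0-9_]+$/', $this->restrictedField)` before the query is built, would make the assumption explicit. Separately, the signature names its parameter `$validate` while the body calls `$validator->validationError(...)`, so as shown the duplicate-value branch would call a method on an undefined variable; renaming the parameter to `$validator` fixes it. The body of `validate()` continues past the end of the hunk.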