mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-01 05:39:10 +02:00
Merged revisions 49834 via svnmerge from
svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq ........ r49834 | ischommer | 2008-02-20 11:45:56 +1300 (Wed, 20 Feb 2008) | 1 line fixed sql-injection ........ git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@49828 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
b10974b553
commit
3f6afa2904
@ -107,7 +107,12 @@ JS;
|
||||
|
||||
function validate( $validate ) {
|
||||
|
||||
$result = DB::query( "SELECT COUNT(*) FROM " . $this->restrictedTable . " WHERE " . $this->restrictedField . " = '" . $this->value . "'" )->value();
|
||||
$result = DB::query(sprintf(
|
||||
"SELECT COUNT(*) FROM `%s` WHERE `%s` = '%s'",
|
||||
$this->restrictedTable,
|
||||
$this->restrictedField,
|
||||
Convert::raw2sql($this->value)
|
||||
))->value();
|
||||
|
||||
if( $result && ( $result > 0 ) ) {
|
||||
$validator->validationError( $this->name, _t('Form.VALIDATIONNOTUNIQUE', "The value entered is not unique") );
|
||||
|
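Review bot: `$this->restrictedTable` and `$this->restrictedField` are still interpolated unescaped between the backticks of the new `sprintf` query; only `$this->value` goes through `Convert::raw2sql`, so the fix is complete only if those two properties can never carry request data, and nothing in the hunk shows where they are set. If they are developer-supplied configuration, a comment above the query should say so, e.g. `// restrictedTable/restrictedField are set in code, never from request data; only the value is user input`; otherwise they should be checked against the known table and column names before the query is built. Separately, the context line reads `function validate( $validate )` while the body calls `$validator->validationError(...)`, so the not-unique branch appears to dereference an undefined variable, and the duplicate-value check would fail with an error instead of reporting a validation message; renaming the parameter to `$validator` would fix it. The body of validate() continues past the end of the hunk.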