Temporær fiks for sql injection. Bør gjøres med prepared statements

Geir Hauge 2012-11-29 14:57:13 +00:00
parent 953f1fe842
commit 2c07495d82


@ -573,13 +573,28 @@ main(int argc, char *argv[])
}
break;
case c_drop:
drop(&mysql, db);
if(dbname_isclean(db)) {
drop(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break;
case c_editperm:
editperm(&mysql, db);
if(dbname_isclean(db)) {
editperm(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break;
case c_show:
show(&mysql, db);
if(dbname_isclean(db)) {
show(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break;
default:
return dberror(NULL, "This point should never be reached!");
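Review bot: The `dbname_isclean(db)` test and its error message are copied verbatim into the `c_drop`, `c_editperm` and `c_show` cases, so any other case in this `switch` (one ends just above the hunk, outside the visible lines) is filtered only if the block was also pasted there. Checking once ahead of the `switch` makes the filter fail closed for every command, e.g. `if (!dbname_isclean(db)) { dberror(NULL, "Database name '%s' contains invalid characters.", db); continue; }`, assuming this runs in a per-name loop as "Skipping" suggests. The new `else` branches also discard `dberror`'s return value while the `default` case returns it, so a rejected name may leave the exit status unchanged; what follows the `switch` is not visible here. On the follow-up named in the commit message: MySQL placeholders bind values, not identifiers, so wherever the name is used as an identifier the allowlist (plus backtick quoting) will still be needed after the move to prepared statements.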