Temporær fiks for sql injection. Bør gjøres med prepared statements
This commit is contained in:
parent
953f1fe842
commit
2c07495d82
@ -573,13 +573,28 @@ main(int argc, char *argv[])
|
||||
}
|
||||
break;
|
||||
case c_drop:
|
||||
drop(&mysql, db);
|
||||
if(dbname_isclean(db)) {
|
||||
drop(&mysql, db);
|
||||
} else {
|
||||
dberror(NULL, "Database name '%s' contains invalid characters.\n"
|
||||
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
|
||||
}
|
||||
break;
|
||||
case c_editperm:
|
||||
editperm(&mysql, db);
|
||||
if(dbname_isclean(db)) {
|
||||
editperm(&mysql, db);
|
||||
} else {
|
||||
dberror(NULL, "Database name '%s' contains invalid characters.\n"
|
||||
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
|
||||
}
|
||||
break;
|
||||
case c_show:
|
||||
show(&mysql, db);
|
||||
if(dbname_isclean(db)) {
|
||||
show(&mysql, db);
|
||||
} else {
|
||||
dberror(NULL, "Database name '%s' contains invalid characters.\n"
|
||||
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return dberror(NULL, "This point should never be reached!");
|
||||
|
Loading…
Reference in New Issue
Block a user