Temporær fiks for sql injection. Bør gjøres med prepared statements

Geir Hauge 2012-11-29 14:57:13 +00:00
parent 953f1fe842
commit 2c07495d82
1 changed files with 18 additions and 3 deletions


@ -573,13 +573,28 @@ main(int argc, char *argv[])
} }
break; break;
case c_drop: case c_drop:
if(dbname_isclean(db)) {
drop(&mysql, db); drop(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break; break;
case c_editperm: case c_editperm:
if(dbname_isclean(db)) {
editperm(&mysql, db); editperm(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break; break;
case c_show: case c_show:
if(dbname_isclean(db)) {
show(&mysql, db); show(&mysql, db);
} else {
dberror(NULL, "Database name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", db);
}
break; break;
default: default:
return dberror(NULL, "This point should never be reached!"); return dberror(NULL, "This point should never be reached!");
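Review bot: The `dbname_isclean(db)` guard and its two-line error message are pasted separately into `c_drop`, `c_editperm` and `c_show`, so any command in this `switch` that does not repeat them still passes `db` on unchecked; the case that closes just above `c_drop` lies outside the hunk and cannot be confirmed as covered. A single `if (!dbname_isclean(db))` check placed ahead of the `switch`, reporting once and then skipping the name, would fail closed for every present and future command and keep the message text in one place. The `else` branches also discard the value of `dberror()`, whereas the `default:` arm returns it, so a rejected name may not show up in the exit status; whether it does depends on code outside the hunk. Since `db` is presumably spliced into the statements as an identifier, a comment at the check such as `/* db ends up as an SQL identifier, which a bound parameter cannot carry; keep this allow-list */` would tell the next maintainer why the check has to stay. `dbname_isclean()` itself is defined outside the hunk, so its agreement with the character set named in the message should be verified there.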