Escape the string in order to prevent injections...
parent
bf93fcd148
commit
f93a6eba03
1 changed files with 1 additions and 1 deletions
|
@ -12,7 +12,7 @@ if ($conn->connect_error) {
|
||||||
die("Connection failed: " . $conn->connect_error);
|
die("Connection failed: " . $conn->connect_error);
|
||||||
}
|
}
|
||||||
|
|
||||||
$sql = "SELECT ts, lat, lon FROM tracker WHERE device='" . $_GET["device"] . "' ORDER BY ts ASC;";
|
$sql = "SELECT ts, lat, lon FROM tracker WHERE device='" . mysqli_real_escape_string($conn, $_GET["device"]) . "' ORDER BY ts ASC;";
|
||||||
$result = $conn->query($sql);
|
$result = $conn->query($sql);
|
||||||
|
|
||||||
if ($result->num_rows > 0) {
|
if ($result->num_rows > 0) {
|
||||||
|
|
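Review bot: The new `$sql` line still builds the query by concatenating request input, so its safety depends on `mysqli_real_escape_string()` being applied at every such site and on the connection character set being configured correctly (no `set_charset()` call is visible in this hunk). A prepared statement with a bound `device` parameter removes that dependency, because the value never becomes part of the SQL text. The rewrite below also handles a missing `device` parameter and a failed prepare; as written, a `false` return from `$conn->query()` would make `$result->num_rows` fail on the following `if`, whose body continues outside the hunk. `get_result()` needs the mysqlnd driver; where that is unavailable, `bind_result()` with `fetch()` is the alternative.

```php
// … unchanged: connection check …
$device = $_GET["device"] ?? "";
$stmt = $conn->prepare("SELECT ts, lat, lon FROM tracker WHERE device = ? ORDER BY ts ASC");
if ($stmt === false) {
    http_response_code(500);
    die("Query failed");
}
$stmt->bind_param("s", $device);
$stmt->execute();
$result = $stmt->get_result();
// … unchanged: if ($result->num_rows > 0) { …
```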