Escape the string in order to prevent injections...
parent
bf93fcd148
commit
f93a6eba03
1 changed files with 1 additions and 1 deletions
|
@ -12,7 +12,7 @@ if ($conn->connect_error) {
|
|||
die("Connection failed: " . $conn->connect_error);
|
||||
}
|
||||
|
||||
$sql = "SELECT ts, lat, lon FROM tracker WHERE device='" . $_GET["device"] . "' ORDER BY ts ASC;";
|
||||
$sql = "SELECT ts, lat, lon FROM tracker WHERE device='" . mysqli_real_escape_string($conn, $_GET["device"]) . "' ORDER BY ts ASC;";
|
||||
$result = $conn->query($sql);
|
||||
|
||||
if ($result->num_rows > 0) {
|
||||
|
|
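Review bot: The new `$sql` line still builds the query by string concatenation, so its safety depends on the value staying inside the single quotes and on the connection character set matching what `mysqli_real_escape_string` assumes; no `set_charset` call is visible in this hunk. A prepared statement with a bound parameter removes both dependencies. The request value should also be checked for presence and string type first, since an absent or array-valued `device` reaches the escape call as written. `get_result()` in the sketch below needs the mysqlnd driver, so fall back to `bind_result()` if it is unavailable. The script starts and ends outside the hunk.

```php
// … unchanged: connection check …
$device = $_GET["device"] ?? "";
if (!is_string($device) || $device === "") {
    http_response_code(400);
    die("Missing device parameter");
}
$stmt = $conn->prepare("SELECT ts, lat, lon FROM tracker WHERE device = ? ORDER BY ts ASC");
$stmt->bind_param("s", $device);
$stmt->execute();
$result = $stmt->get_result();
// … unchanged: if ($result->num_rows > 0) { …
```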