CC-5121: fix some SQL statements not being escaped/prepared

denise 2013-05-09 15:53:12 -04:00
parent 21df9013ee
commit 40eb51b892
7 changed files with 87 additions and 65 deletions


@ -2199,12 +2199,11 @@ SQL;
public static function getMaxLengths()
{
$con = Propel::getConnection();
$sql = <<<SQL
SELECT column_name, character_maximum_length FROM information_schema.columns
WHERE table_name = 'cc_show' AND character_maximum_length > 0
SQL;
$result = $con->query($sql)->fetchAll();
$result = Application_Common_Database::prepareAndExecute($sql);
$assocArray = array();
foreach ($result as $row) {
$assocArray[$row['column_name']] = $row['character_maximum_length'];
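Review bot: The new call `Application_Common_Database::prepareAndExecute($sql)` passes only the statement, while the loop below still assumes it returns every row as an array keyed by column name (`$row['column_name']`). The helper's signature is not visible in this hunk, so confirm that its parameter-map argument is optional and that its default fetch mode returns all rows as associative arrays; otherwise pass those arguments explicitly. The query text is a constant heredoc with no interpolated values, so nothing here was injectable before the change; a short comment such as `// static query, no bound parameters; routed through the helper for consistency` would stop a later reader from hunting for a missing binding. Separately, the pre-existing filter matches on `table_name = 'cc_show'` alone, so if the database can hold that table name in more than one schema, a `table_schema` condition would keep the lengths tied to the intended table. The body of getMaxLengths() continues past the end of the hunk.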