Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-5121: fix some SQL statements not being escaped/prepared

This commit is contained in:
denise 2013-05-09 16:05:04 -04:00
parent b7337d0df3
commit 8cd8d0922f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
airtime_mvc/application/models/LoginAttempts.php
View File

@ -29,7 +29,7 @@ class Application_Model_LoginAttempts
public static function resetAttempts($ip) public static function resetAttempts($ip)
{ {
$sql = "select count(*) from cc_login_attempts WHERE ip= :ip"; $sql = "select count(*) from cc_login_attempts WHERE ip= :ip";
$res = Application_Common_Database::prepareAndExecute($sql, array(':ip'=>$ip), Application_Common_Database::ALL); $res = Application_Common_Database::prepareAndExecute($sql, array(':ip'=>$ip), Application_Common_Database::COLUMN);
if ($res > 0) { if ($res > 0) {
$sql = "DELETE FROM cc_login_attempts WHERE ip= :ip"; $sql = "DELETE FROM cc_login_attempts WHERE ip= :ip";
Application_Common_Database::prepareAndExecute($sql, array(':ip'=>$ip), Application_Common_Database::EXECUTE); Application_Common_Database::prepareAndExecute($sql, array(':ip'=>$ip), Application_Common_Database::EXECUTE);