Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-5121 :fix some SQL statements not being escaped/prepared

This commit is contained in:
Naomi 2013-05-10 12:35:08 -04:00
parent d5e7185789
commit 987537fbdc
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
airtime_mvc/application/models/Subjects.php
View File

@ -45,9 +45,11 @@ class Application_Model_Subjects
public static function getLoginAttempts($login) public static function getLoginAttempts($login)
{ {
$con = Propel::getConnection(); $sql = "SELECT login_attempts FROM cc_subjs WHERE login=:login";
$sql = "SELECT login_attempts FROM cc_subjs WHERE login='$login'"; $map = array(":login" => $login);
$res = $con->query($sql)->fetchColumn(0);
$res = Application_Common_Database::prepareAndExecute($sql, $map,
Application_Common_Database::COLUMN);
return ($res !== false) ? $res : 0; return ($res !== false) ? $res : 0;
} }