Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-5121: fix some SQL statements not being escaped/prepared

Browse source
This commit is contained in:
Martin Konecny 2013-05-09 15:08:47 -04:00
parent 21df9013ee
commit 9c05511613
4 changed files with 77 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

17
airtime_mvc/application/models/Subjects.php
View file

@ -20,20 +20,25 @@ class Application_Model_Subjects
public static function increaseLoginAttempts($login)
{
$con = Propel::getConnection();
$sql = "UPDATE cc_subjs SET login_attempts = login_attempts+1"
." WHERE login='$login'";
$res = $con->exec($sql);
." WHERE login=:login";
$map = array(":login" => $login);
$res = Application_Common_Database::prepareAndExecute($sql, $map,
Application_Common_Database::EXECUTE);
return (intval($res) > 0);
}
public static function resetLoginAttempts($login)
{
$con = Propel::getConnection();
$sql = "UPDATE cc_subjs SET login_attempts = '0'"
." WHERE login='$login'";
$res = $con->exec($sql);
." WHERE login=:login";
$map = array(":login" => $login);
$res = Application_Common_Database::prepareAndExecute($sql, $map,
Application_Common_Database::EXECUTE);
return true;
}