Added more mysql escapes to more get vars

johnny@pittpc.com 2019-08-28 22:01:22 -04:00
parent 2d5ac7c2e6
commit 720a0df214
1 changed files with 4 additions and 4 deletions


@ -9,7 +9,7 @@ require_once $mpdf_path . '/vendor/autoload.php';
if(isset($_GET['pdf_invoice'], $_GET['url_key'])){
$invoice_id = intval($_GET['pdf_invoice']);
$url_key = $_GET['url_key'];
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices, clients
WHERE invoices.client_id = clients.client_id
@ -231,7 +231,7 @@ if(isset($_GET['pdf_invoice'], $_GET['url_key'])){
if(isset($_GET['pdf_quote'], $_GET['url_key'])){
$quote_id = intval($_GET['pdf_quote']);
$url_key = $_GET['url_key'];
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes, clients
WHERE quotes.client_id = clients.client_id
@ -428,7 +428,7 @@ if(isset($_GET['pdf_quote'], $_GET['url_key'])){
if(isset($_GET['approve_quote'], $_GET['url_key'])){
$quote_id = intval($_GET['approve_quote']);
$url_key = $_GET['url_key'];
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
WHERE quotes.quote_id = $quote_id
@ -453,7 +453,7 @@ if(isset($_GET['approve_quote'], $_GET['url_key'])){
if(isset($_GET['reject_quote'], $_GET['url_key'])){
$quote_id = intval($_GET['reject_quote']);
$url_key = $_GET['url_key'];
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
WHERE quotes.quote_id = $quote_id
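Review bot: The `mysqli_real_escape_string($mysqli,$_GET['url_key'])` assignment in each of the four handlers (pdf_invoice, pdf_quote, approve_quote, reject_quote) only protects the query if `$url_key` is interpolated inside quotes and the connection charset was set with `mysqli_set_charset()`; the part of each query that uses the key lies outside the visible lines, so neither can be confirmed here. Binding the value removes that dependency: `$stmt = mysqli_prepare($mysqli, "... AND <url_key_column> = ?"); mysqli_stmt_bind_param($stmt, 's', $url_key);` (the column name is a placeholder, since it is not shown on this page). `isset()` is also satisfied by an array-valued `url_key` parameter, which would hand an array to the escape call, so a guard such as `if (!is_string($_GET['url_key'])) { exit; }` before the assignment is worth adding. Each handler's body continues past the lines shown.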