More Security fixes escaping search and sortby GET vars

johnny@pittpc.com
2019-08-31 15:38:16 -04:00
parent 71decb9332
commit 9050f4b03a
32 changed files with 108 additions and 88 deletions


@@ -4,7 +4,7 @@
if(isset($_GET['query'])){
$query = $_GET['query'];
$query = mysqli_real_escape_string($mysqli,$_GET['query']);
$sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY client_id DESC LIMIT 5");
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");