Fix potential sql injection in add_company - post.php

Marcus Hill 2022-03-28 20:39:35 +01:00
parent e1e3ffd786
commit d83906508d
1 changed files with 1 additions and 1 deletions


@ -509,7 +509,7 @@ if(isset($_POST['add_company'])){
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_locale = '$locale', company_currency = '$currency_code',company_created_at = NOW()");
$company_id = mysqli_insert_id($mysqli);
$config_base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
$config_base_url = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']));
$config_api_key = keygen();
mkdir("uploads/clients/$company_id");
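Review bot: The escaped `$config_base_url` is still built from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both of which come from the client, so `mysqli_real_escape_string` stops the value from breaking out of a quoted SQL string but the request's Host header is still stored as the company's base URL. If that setting is later used to build links or redirects (not visible in this hunk), take the host from server configuration or reject unexpected values first, e.g. `if (!in_array($_SERVER['HTTP_HOST'], $allowed_hosts, true)) { exit; }`, where `$allowed_hosts` is a constructed name for a list defined in config. Binding the value with `mysqli_prepare` and `mysqli_stmt_bind_param` in the query that consumes it would also avoid keeping an SQL-escaped copy in a variable that may be reused outside SQL. The `if(isset($_POST['add_company']))` block starts and ends outside the hunk, so whether `$name`, `$address` and the other fields interpolated into the `INSERT INTO companies` statement are escaped cannot be confirmed from here.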