[SUCS Devel] site r637 - branches/sucs-site/components
arthur at sucs.org
arthur at sucs.org
Fri Jan 30 15:23:36 GMT 2015
Author: arthur
Date: 2015-01-30 15:23:35 +0000 (Fri, 30 Jan 2015)
New Revision: 637
Modified:
branches/sucs-site/components/susignup-admin.php
branches/sucs-site/components/susignup.php
Log:
Don't call addslashes() on query parameters, you corrupt the content
Modified: branches/sucs-site/components/susignup-admin.php
===================================================================
--- branches/sucs-site/components/susignup-admin.php 2015-01-30 14:54:45 UTC (rev 636)
+++ branches/sucs-site/components/susignup-admin.php 2015-01-30 15:23:35 UTC (rev 637)
@@ -84,7 +84,7 @@
} else {
$pass = make_password();
$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
- $attribs[]=addslashes($pass);
+ $attribs[]=$pass;
$attribs[]=$sid[0];
$attribs[]='99999'; //SUCS Magic internal use UID
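Review bot: Nothing visible in this hunk, or in the identical one at line 106, resets `$attribs` before the three `$attribs[]=` appends, whereas susignup.php calls `unset($attribs);` first. If an earlier query in the same scope left values in the array, the three `?` placeholders would be bound to the wrong entries or the count would not match. Building the array in one statement avoids depending on prior state: `$attribs = array($pass, $sid[0], '99999');`. The enclosing `else` branch starts and ends outside the hunk, so a reset may already exist above it.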
@@ -106,7 +106,7 @@
if (empty($id)) {
$pass = make_password();
$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
- $attribs[]=addslashes($pass);
+ $attribs[]=$pass;
$attribs[]=$sid[0];
$attribs[]='99999'; //SUCS Magic internal use UID
Modified: branches/sucs-site/components/susignup.php
===================================================================
--- branches/sucs-site/components/susignup.php 2015-01-30 14:54:45 UTC (rev 636)
+++ branches/sucs-site/components/susignup.php 2015-01-30 15:23:35 UTC (rev 637)
@@ -210,7 +210,7 @@
unset($query);
$query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
unset($attribs);
- $attribs[]=addslashes($pass);
+ $attribs[]=$pass;
$attribs[]=$array['cardNumber'];
$attribs[]='99999';
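Review bot: The generated `$pass` is bound directly into the `password` column here and in both susignup-admin.php hunks, so anyone who can read the `signup` table or a backup of it gets usable signup credentials. If the value is only ever compared with what the user later submits, storing `password_hash($pass, PASSWORD_DEFAULT)` and checking with `password_verify()` would remove that exposure. This does not apply if the admin pages have to display the password again, which cannot be seen from these hunks. `make_password()` is defined elsewhere, so it is also worth confirming that it draws from a cryptographically secure source.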