diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-06-01 05:13:28 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-06-01 05:13:28 +0000 |
| commit | 0d8e43fea5f354cbadd5feba27859622bbe85f78 (patch) | |
| tree | 696c45e7ce9f2223a81a87112f0c12f433b55be0 /lib/install.php | |
| parent | 7603e48e9e7f953e67e62143686c1b5228262385 (diff) | |
| download | ampache-0d8e43fea5f354cbadd5feba27859622bbe85f78.tar.gz ampache-0d8e43fea5f354cbadd5feba27859622bbe85f78.tar.bz2 ampache-0d8e43fea5f354cbadd5feba27859622bbe85f78.zip | |
missed a sql_escape on the installer
Diffstat (limited to 'lib/install.php')
| -rw-r--r-- | lib/install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/install.php b/lib/install.php index 15e705d5..ede48a17 100644 --- a/lib/install.php +++ b/lib/install.php @@ -136,7 +136,7 @@ function install_insert_db($username,$password,$hostname,$database) { if ($_REQUEST['db_user'] == 'create_db_user') { $db_user = scrub_in($_REQUEST['db_username']); $db_pass = scrub_in($_REQUEST['db_password']); - $sql = "GRANT ALL PRIVILEGES ON " . sql_escape($database,$dbh) . ".* TO " . + $sql = "GRANT ALL PRIVILEGES ON " . Dba::escape($database) . ".* TO " . "'" . Dba::escape($db_user) . "'@'" . Dba::escape($hostname) . "' IDENTIFIED BY '" . Dba::escape($db_pass) . "' WITH GRANT OPTION"; if (!$db_results = @mysql_query($sql, $dbh)) { |