Avoid SQL Injection
daniel authored and daniel committed Mar 23, 2019
1 parent b739ad0 commit ac77137
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion objects/bootGrid.php
@@ -21,7 +21,7 @@ static function getSqlFromPost($searchFieldsNames = array(), $keyPrefix = "", $a
if(strtoupper($value)==="DESC"){
$direction = "DESC";
}
$key = preg_replace("/[^A-Za-z0-9 ]/", '', $key);
$key = preg_replace("/[^A-Za-z0-9._ ]/", '', $key);
$orderBy[] = " {$keyPrefix}{$key} {$direction} ";
}
$sql .= " ORDER BY ".implode(",", $orderBy);
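Review bot: The sort key is still sanitised by stripping characters rather than validated: the character class in the `preg_replace` line keeps the space (and, if the second of the two printed variants is the new side, `.` and `_` as well), and the result is interpolated into `ORDER BY` together with `$keyPrefix`. A space has no role in a column identifier, and stripping silently turns a rejected key into a different identifier or into an empty string, which would leave the `ORDER BY` entry without a column. I would reject the entry instead of rewriting it, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $key)) { continue; }`, and preferably also check `$key` against an explicit list of sortable columns for the table being queried. Where `$key` comes from and the rest of `getSqlFromPost` are outside the hunk, so this assumes the key is request data, as the function name suggests.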
