Commit 7fb28a61 authored by Kevin Atkinson's avatar Kevin Atkinson

Properly quote parameter values with DBQuoteSpecial in User::Update.

parent 0cea3c39
......@@ -933,7 +933,7 @@ sub Update($$)
my $uid_idx = $self->uid_idx();
my $query = "update users set usr_modified=now(), ".
join(",", map("$_='" . $argref->{$_} . "'", keys(%{$argref})));
join(",", map("$_=" . DBQuoteSpecial($argref->{$_}), keys(%{$argref})));
$query .= " where uid_idx='$uid_idx'";
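Review bot: The column names in the `map` are still pasted into the statement as-is: only `$argref->{$_}` goes through `DBQuoteSpecial`, while the key `$_` is interpolated as a bare identifier. If any caller can populate `$argref` with keys taken from request data rather than a fixed set of column names, the keys need validating before the query is built, for example `return -1 if grep { !/\A[A-Za-z_]\w*\z/ } keys(%{$argref});` (adjust the failure return to whatever Update uses elsewhere, which is not visible here), or better, a check against an explicit list of updatable columns. The `where uid_idx='$uid_idx'` line is also still interpolated directly; that is presumably safe because the value comes from `$self->uid_idx()`, but it would be more consistent to pass it through the same quoting helper. `DBQuoteSpecial` is defined outside this hunk, so its handling of undef or embedded quotes cannot be confirmed from here, and the body of `Update` starts and ends outside the hunk.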
......