Browse Source

Escape data before writing to config.php (#38)

Tobias Reich 10 years ago
parent
commit
8b76fadf6d
1 changed files with 7 additions and 0 deletions
  1. 7 0
      php/modules/Database.php

+ 7 - 0
php/modules/Database.php

@@ -86,6 +86,13 @@ class Database extends Module {
 
 		}
 
+		# Escape data
+		$host		= mysqli_real_escape_string($database, $host);
+		$user		= mysqli_real_escape_string($database, $user);
+		$password	= mysqli_real_escape_string($database, $password);
+		$name		= mysqli_real_escape_string($database, $name);
+		$prefix		= mysqli_real_escape_string($database, $prefix);
+
 		# Save config.php
 $config = "<?php