[security] XSS and SQL injection

This commit is contained in:
Marc Delisle
2009-10-12 21:47:40 +00:00
parent 72f86848c3
commit 212daad0c0
4 changed files with 20 additions and 14 deletions

View File

@@ -463,7 +463,7 @@ if ($cfgRelation['pdfwork'] && $num_tables > 0) { ?>
<?php
while ($pages = @PMA_DBI_fetch_assoc($test_rs)) {
echo ' <option value="' . $pages['page_nr'] . '">'
. $pages['page_nr'] . ': ' . $pages['page_descr'] . '</option>' . "\n";
. $pages['page_nr'] . ': ' . htmlspecialchars($pages['page_descr']) . '</option>' . "\n";
} // end while
PMA_DBI_free_result($test_rs);
unset($test_rs);