Merge pull request #189 from cosme12/patch-16

SQL Injection fix [IMPORTANT]
This commit is contained in:
Shadow
2015-08-31 21:01:14 +03:00
+1
View File
@@ -178,6 +178,7 @@ class Account {
private function Login() {
global $database,$session,$form;
$_POST['user'] = mysql_real_escape_string($_POST['user']);
if(!isset($_POST['user']) || $_POST['user'] == "") {
$form->addError("user",LOGIN_USR_EMPTY);
}