From bb69fee584bc28c32038d70b386c25d07c0caa9f Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 23 Oct 2005 21:18:41 +0000 Subject: [PATCH] Need to htmlspecialchars() the query string in an error --- db_mysql.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db_mysql.php b/db_mysql.php index 0afcfed..d824e5f 100644 --- a/db_mysql.php +++ b/db_mysql.php @@ -288,7 +288,7 @@ class DB_MySQL $style['code'] = 'font-family: \'Courier New\', Courier, mono; font-size: 11px;'; $message_prepped = "
\n

"; - $message_prepped .= "\n\t» Query:\n

" . $this->query_str ."
\n
"; + $message_prepped .= "\n\t» Query:\n
" . htmlspecialchars($this->query_str) ."
\n
"; $message_prepped .= "\n\t» Error Number: " . $this->error_no . "\n
"; $message_prepped .= "\n\t» Error Message: " . $this->error_str . "\n
"; $message_prepped .= "\n\t» Additional Notes: " . $message . "\n
"; -- 2.43.5