author | Eugeniy Mikhailov <evgmik@gmail.com> | 2012-12-18 12:52:11 -0500 |
---|---|---|
committer | Eugeniy Mikhailov <evgmik@gmail.com> | 2012-12-18 12:52:11 -0500 |
commit | 93a0a9f6bca5ed195839d1c398bb5c362760f0c7 (patch) | |
tree | 61fa530935e886ecc788e2e052ef8f573e640333 | |
parent | 503c04d9c32610998aab51c46191b4de2c1e844a (diff) | |
download | GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.tar.gz GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.zip |
sql injection protection in SelectItemFromCourseInfoTablev2.0.7
-rwxr-xr-x | GradeBook_lib.tcl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index bf4d7ca..d7b9b5f 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -384,7 +384,7 @@ proc CreateCourseInfoTable {db} {
 proc SelectItemFromCourseInfoTable { item } {
 set value {}
- set eval_str "SELECT \"Value\" FROM CourseInfoTable where Item=\"$item\""
+ set eval_str "SELECT Value FROM CourseInfoTable where Item=:item"
 set err [catch {
 db eval $eval_str v {
 set value $v(Value) |
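Review bot: The SQL on the added `set eval_str` line is still built in a double-quoted Tcl string, so Tcl substitution stays live there and a later edit that writes `$item` again would quietly bring back the injectable form. A braced literal, `set eval_str {SELECT Value FROM CourseInfoTable where Item=:item}`, keeps the statement constant. The `:item` parameter is resolved by the sqlite3 Tcl binding from the Tcl variable `item` in the scope where `db eval` runs, and an unset variable binds NULL instead of raising an error, so a comment such as `# :item is bound by sqlite from this proc's item argument` would guard against a rename of the parameter. The body of SelectItemFromCourseInfoTable continues past the end of the hunk, so how `err` is handled cannot be checked here.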