aboutsummaryrefslogtreecommitdiff
path: root/GradeBook_lib.tcl
diff options
context:
space:
mode:
authorEugeniy Mikhailov <evgmik@gmail.com>2012-12-12 09:47:22 -0500
committerEugeniy Mikhailov <evgmik@gmail.com>2012-12-12 09:47:22 -0500
commit1441155d94cba50fd59bf2fb12dde3c4c3569db7 (patch)
tree01097d3c8e3e95505a6ef68274597c21ad8dff19 /GradeBook_lib.tcl
parentd25be6e92b8a39594284e9ba60bb97506a05e233 (diff)
downloadGradeBook-1441155d94cba50fd59bf2fb12dde3c4c3569db7.tar.gz
GradeBook-1441155d94cba50fd59bf2fb12dde3c4c3569db7.zip
check against sql injection during password database accessv2.0.4
Diffstat (limited to 'GradeBook_lib.tcl')
-rwxr-xr-xGradeBook_lib.tcl3
1 files changed, 2 insertions, 1 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index 340bed2..68b74cc 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -1824,7 +1824,8 @@ proc Create_Passwords_Table {} {
}
proc is_User_Registered_in_Passwords_DB { user_requested } {
- set eval_str [list SELECT UserName FROM PasswordsTable WHERE UserName='$user_requested']
+ # note the use of : instead of $ (this sqlite feature)
+ set eval_str {SELECT UserName FROM PasswordsTable WHERE UserName=:user_requested}
set err [catch {
pdb eval $eval_str registered_user_names_array {}
} errStat ]