sql injection protection in SelectItemFromCourseInfoTablev2.0.7

author: Eugeniy Mikhailov <evgmik@gmail.com> 2012-12-18 12:52:11 -0500
committer: Eugeniy Mikhailov <evgmik@gmail.com> 2012-12-18 12:52:11 -0500
commit: 93a0a9f6bca5ed195839d1c398bb5c362760f0c7 (patch)
tree: 61fa530935e886ecc788e2e052ef8f573e640333 /GradeBook_lib.tcl
parent: 503c04d9c32610998aab51c46191b4de2c1e844a (diff)
download: GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.tar.gz
GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index bf4d7ca..d7b9b5f 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -384,7 +384,7 @@ proc CreateCourseInfoTable {db} {
 
 proc SelectItemFromCourseInfoTable { item } {
 	set value {}
-	set eval_str "SELECT \"Value\"  FROM CourseInfoTable  where Item=\"$item\""
+	set eval_str "SELECT Value  FROM CourseInfoTable  where Item=:item"
 	set err [catch {
 		db eval $eval_str v {
 			set value $v(Value)
author	Eugeniy Mikhailov <evgmik@gmail.com>	2012-12-18 12:52:11 -0500
committer	Eugeniy Mikhailov <evgmik@gmail.com>	2012-12-18 12:52:11 -0500
commit	93a0a9f6bca5ed195839d1c398bb5c362760f0c7 (patch)
tree	61fa530935e886ecc788e2e052ef8f573e640333 /GradeBook_lib.tcl
parent	503c04d9c32610998aab51c46191b4de2c1e844a (diff)
download	GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.tar.gz GradeBook-93a0a9f6bca5ed195839d1c398bb5c362760f0c7.zip