author | Christian Pointner <equinox@helsinki.at> | 2014-09-18 15:01:42 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2014-09-18 15:01:42 (GMT) |
commit | 7d5dcb875fb6e2d0b0a667d8f93ba401b53b8df1 (patch) | |
tree | 12d597f07acf8e267eb17dcc677df08ab9f7fc60 | |
parent | ebbdacfb7cbe31ca917e3f115ff6913d85a439a3 (diff) |
escpaing sql sting befor use
-rwxr-xr-x | lib/rddb.pm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/rddb.pm b/lib/rddb.pm
index 7767fde..2881fb1 100755
--- a/lib/rddb.pm
+++ b/lib/rddb.pm
@@ -34,7 +34,8 @@ sub get_token { my ($dbh, $username) = @_;
- my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
 or return (undef, 'ERROR', "Database Error: " . $dbh->errstr); $sth->execute($username)
@@ -53,7 +54,8 @@ sub check_token { my ($dbh, $username, $token) = @_;
- my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
 or return (0, 'ERROR', "Database Error: " . $dbh->errstr); $sth->execute($username) |
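Review bot: The new `$sql` strings in get_token (and identically in check_token, second hunk) are built with the interpolating `qq{}`, so a later edit that writes a variable into the statement text would be expanded silently and never pass through the `?` placeholder; `my $sql = q{select PASSWORD from USERS where LOGIN_NAME = ?};` keeps the statement a constant. Despite the commit title, nothing is escaped here: the injection protection is still the bind value passed to `execute($username)`, which the old code already had. The added trailing `;` inside the prepared text is not needed, and some DBI drivers reject it, so I would drop it unless the driver in use is known to accept it. Both function bodies continue past the end of their hunks.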