summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@helsinki.at>2014-09-18 15:01:42 (GMT)
committerChristian Pointner <equinox@helsinki.at>2014-09-18 15:01:42 (GMT)
commit7d5dcb875fb6e2d0b0a667d8f93ba401b53b8df1 (patch)
tree12d597f07acf8e267eb17dcc677df08ab9f7fc60
parentebbdacfb7cbe31ca917e3f115ff6913d85a439a3 (diff)
escpaing sql sting befor use
-rwxr-xr-xlib/rddb.pm6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/rddb.pm b/lib/rddb.pm
index 7767fde..2881fb1 100755
--- a/lib/rddb.pm
+++ b/lib/rddb.pm
@@ -34,7 +34,8 @@ sub get_token
{
my ($dbh, $username) = @_;
- my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
$sth->execute($username)
@@ -53,7 +54,8 @@ sub check_token
{
my ($dbh, $username, $token) = @_;
- my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
or return (0, 'ERROR', "Database Error: " . $dbh->errstr);
$sth->execute($username)