From 7d5dcb875fb6e2d0b0a667d8f93ba401b53b8df1 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Thu, 18 Sep 2014 15:01:42 +0000
Subject: escpaing sql sting befor use


diff --git a/lib/rddb.pm b/lib/rddb.pm
index 7767fde..2881fb1 100755
--- a/lib/rddb.pm
+++ b/lib/rddb.pm
@@ -34,7 +34,8 @@ sub get_token
 {
   my ($dbh, $username) = @_;
 
-  my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+  my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+  my $sth = $dbh->prepare($sql)
     or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
 
   $sth->execute($username)
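Review bot: `qq{}` is an interpolating quote, so the new `$sql` line in get_token replaces the original single-quoted literal with one where a later `$var` or `@name` edit would be spliced straight into the statement text; `my $sql = q{select PASSWORD from USERS where LOGIN_NAME = ?};` keeps it literal. Nothing is escaped by this change despite the subject line: the `?` placeholder bound through `$sth->execute($username)` is what keeps `$username` out of the SQL text, and it was already in place before the commit. The added trailing `;` is not needed by `prepare`, and some DBD drivers may reject a statement that ends in one, so it is safer dropped. The same applies to the check_token hunk; both function bodies continue outside their hunks.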
@@ -53,7 +54,8 @@ sub check_token
 {
   my ($dbh, $username, $token) = @_;
 
-  my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+  my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+  my $sth = $dbh->prepare($sql)
     or return (0, 'ERROR', "Database Error: " . $dbh->errstr);
 
   $sth->execute($username)
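Review bot: The statement text assigned to `$sql` here is a byte-for-byte copy of the one in get_token, so the two credential lookups can drift apart on a later edit. A single file-level declaration such as `my $SQL_GET_PASSWORD = q{select PASSWORD from USERS where LOGIN_NAME = ?};`, passed to both `prepare` calls, would keep them in sync. check_token's body continues outside the hunk, so whether it could reuse get_token instead cannot be judged from here.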
-- 
cgit v0.10.2