author | Ted Guild <ted@w3.org> |
Tue, 15 Oct 2013 14:45:58 -0400 | |
changeset 29 | 193356079921 |
parent 28 | 1090ad6c914b |
sharing/share.php |
--- a/sharing/share.php Tue Oct 15 14:29:34 2013 -0400 +++ b/sharing/share.php Tue Oct 15 14:45:58 2013 -0400 @@ -140,7 +140,7 @@ $host = $fields[0]; // use it to retrieve existing record if one exists - $query = "SELECT ALL FROM site_info WHERE host=".$host; + $query = "SELECT ALL FROM site_info WHERE host='".mysql_real_escape_string($host)."'"; $result = mysql_query($query); $row = mysql_fetch_array($result);