prep.statement cannot be used for create database query; regex-validate database_name

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2021-10-11 18:55:15 +02:00
parent eb592340b0
commit 5009c625d8
2 changed files with 2 additions and 5 deletions


@@ -61,7 +61,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
$password = \Froxlor\System\Crypt::validatePassword($password, true);
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '', '', array(), true);
$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
// validate whether the dbserver exists
$dbserver = \Froxlor\Validate\Validate::validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
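Review bot: The new `database_name` pattern on the added `validate()` line has no upper length bound and ends in a plain `$`, so it is a looser allow-list than it reads. PCRE's `$` also matches before a final newline; the `trim()` in the same call covers that here, but the `D` modifier keeps the pattern safe if it is reused without the trim, and the `/i` flag is redundant because both cases are already in the character class. I would write it as `'/^[A-Za-z0-9][A-Za-z0-9_-]{1,63}$/D'`, lowering the upper bound by the length of any prefix that is prepended to the name later (not visible in this hunk), since MySQL limits database names to 64 characters. The enclosing method starts and ends outside the hunk, so whether an empty name is meant to pass depends on `Validate::validate()` and the surrounding code.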


@@ -60,10 +60,7 @@ class DbManagerMySQL
*/
public function createDatabase($dbname = null)
{
$stmt = Database::prepare("CREATE DATABASE :dbname");
Database::pexecute($stmt, [
'dbname' => $dbname
]);
Database::query("CREATE DATABASE `" . Database::quote($dbname) . "`");
}
/**
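Review bot: `Database::quote()` is a string-literal quoting helper, and the new `Database::query(...)` line uses it inside a backtick-delimited identifier, which is the wrong escaping for that context. Its body is not shown here, but if it forwards to `PDO::quote()` it wraps the value in single quotes, which then become part of the database name, and it leaves a backtick untouched, the one character that ends the identifier. `createDatabase()` therefore depends entirely on every caller having validated `$dbname`, and the `= null` default lets a null reach the statement. I would re-check the final name in this method before building the query, for example `if (!is_string($dbname) || !preg_match('/^[A-Za-z0-9][A-Za-z0-9_-]+$/D', $dbname)) { throw new \Exception('Invalid database name'); }` (pattern adjusted to whatever prefix the callers add), and then place the checked name directly between the backticks. The method's docblock begins above the hunk.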