Update of /cvsroot/dynapi/dynapi3x/test/scripts
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22337
Modified Files:
storeResult.php
Log Message:
Fixed bad SQL and strip slashes from request parameters
Index: storeResult.php
===================================================================
RCS file: /cvsroot/dynapi/dynapi3x/test/scripts/storeResult.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** storeResult.php 15 Aug 2005 23:18:16 -0000 1.1
--- storeResult.php 23 Aug 2005 22:58:57 -0000 1.2
***************
*** 16,22 ****
$name = $_REQUEST['name'];
$passfail = $_REQUEST['passfail'];
! $comments = $_REQUEST['comments'];
! $tester = $_REQUEST['tester'];
! $agent = $_SERVER['HTTP_USER_AGENT'];
$dynapiVersion = getDynAPIVersion();
$now = date("YmdHis");
--- 16,22 ----
$name = $_REQUEST['name'];
$passfail = $_REQUEST['passfail'];
! $comments = stripslashes($_REQUEST['comments']);
! $tester = stripslashes($_REQUEST['tester']);
! $agent = stripslashes($_SERVER['HTTP_USER_AGENT']);
$dynapiVersion = getDynAPIVersion();
$now = date("YmdHis");
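Review bot: The three `stripslashes()` calls remove the backslashes (presumably added by magic quotes), and the values are then placed inside single-quoted SQL literals by the INSERT in the second hunk with no escaping, so a quote character in `comments`, `tester` or the User-Agent header ends the literal. Escape each value where the query is built, once the connection is open, e.g. `$comments = mysql_real_escape_string($comments);`, and do the same for `$tester`, `$agent` and `$name`. The stripping should also be conditional, `if (get_magic_quotes_gpc()) { $comments = stripslashes($comments); }`, otherwise legitimate backslashes are lost on a server where magic quotes is off. `$name` is left unstripped, which is inconsistent with the other fields. The script continues outside this hunk.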
***************
*** 44,48 ****
or die("Could not select database $test_database_name");
! $query = "INSERT INTO testresult (testcase_name, dynapi_version, testcase_date, passed, comments, user_agent, test_date, tester) VALUES ('$name', 'dynapi$version', '$fileMod', $passfail, '$comments', '$agent', '$now', '$tester')";
mysql_query($query) or die('Query failed: ' . mysql_error());
--- 44,48 ----
or die("Could not select database $test_database_name");
! $query = "INSERT INTO testresult (testcase_name, dynapi_version, testcase_date, passed, comments, user_agent, test_date, tester) VALUES ('$name', '$dynapiVersion', '$fileMod', $passfail, '$comments', '$agent', '$now', '$tester')";
mysql_query($query) or die('Query failed: ' . mysql_error());
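Review bot: `$passfail` is interpolated into the VALUES list without quotes, and the first hunk shows it is taken unchanged from `$_REQUEST['passfail']`, so string escaping would not protect it. If `passed` is a numeric column, force the type before building the query, e.g. `$passfail = (int) $_REQUEST['passfail'];`. The unchanged `die('Query failed: ' . mysql_error())` line sends the database error text to the client; consider logging it server-side and printing a generic message. Where `$fileMod` comes from is not visible in the hunk, so it may need the same treatment.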