This one I'm not absolutely sure about wether it's a bug report or more of a support request.
I am getting reports of a sing due to usage of mysql_real_escape_string without quotes in a code like the following :
$token = mysql_real_escape_string($_GET['token']);
$data1 = mysql_fetch_array(mysql_query("SELECT token FROM table WHERE token='" . $token . "'"));
It pretty much seems to me that there is in fact quotes but that rips is just failing to find them.
Am I right or do I just do everything wrong ?
Log in to post a comment.