[security] using prepared query for scripts too
This commit is contained in:
Benjamin Sonntag
parent
10e006bdbe
commit
369ab3bf34
|
|
@ -52,7 +52,7 @@ $recipients = array_slice($argv, 2); // rest is recipients
|
|||
// there's no function to do that, oddly enough...
|
||||
// there's one to extract the compte from the mail_id (!) but we
|
||||
// haven't created it yet...
|
||||
$db->query('SELECT id,compte FROM domaines WHERE domaine="'.addslashes($domain).'"');
|
||||
$db->query('SELECT id,compte FROM domaines WHERE domaine=?',array($domain));
|
||||
if ($db->next_record()) {
|
||||
$compte = $db->f('compte');
|
||||
$domain_id = $db->f('id');
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ if ($db->query("SELECT uid,login FROM membres;")) {
|
|||
while ($db->next_record()) {
|
||||
if (isset($list_quota[$db->f('uid')])) {
|
||||
$qu=$list_quota[$db->f('uid')];
|
||||
$db2->query("INSERT OR REPLACE INTO size_web SET uid='".intval($db->f('uid'))."',size='".intval($qu['used'])."';");
|
||||
$db2->query("INSERT OR REPLACE INTO size_web SET uid=?, size=?;",array(intval($db->f('uid')),intval($qu['used'])));
|
||||
echo $db->f('login')." (".$qu['used']." B)\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -32,7 +32,7 @@ echo "\n---------------------------\n Generating size-cache for MySQL databases\
|
|||
$tab=$mysql->get_dbus_size($c["name"],$c["host"],$c["login"],$c["password"],$c["client"]);
|
||||
echo "++ Processing ".$c["name"]." ++\n";
|
||||
foreach ($tab as $dbname=>$size) {
|
||||
$db->query("REPLACE INTO size_db SET db='".$dbname."',size='$size';");
|
||||
$db->query("REPLACE INTO size_db SET db=?,size=?;",array($dbname,$size));
|
||||
echo " $dbname done ($size B) \n"; flush();
|
||||
}
|
||||
echo "\n";
|
||||
|
|
@ -52,7 +52,7 @@ if ($db->query("SELECT uid, name FROM mailman;")) {
|
|||
$size2=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"]));
|
||||
$size3=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"].".mbox"));
|
||||
$size=(intval($size1)+intval($size2)+intval($size3));
|
||||
$db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
|
||||
$db->query("REPLACE INTO size_mailman SET uid=?,list=?,size=?;",array($c["uid"],$c["name"],$size));
|
||||
echo " done ($size KB) \n"; flush();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue