authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2008-10-07 16:32:47 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2008-10-07 16:32:47 +0000
commitfc6857004eeabf6963a9b2856f51db8842c00b70 (patch)
tree5a22706115f6cb47e2d9c49277f817e3977e927d
parentddd452af128f9b4698a1c1d6cc7fe2f23a0e6c90 (diff)
Correcting Sadashiva's patch for SQL-injection and maintainability concerns.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2354 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/AM.pm14
1 files changed, 3 insertions, 11 deletions
diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 1d209358..bb4984a7 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1420,22 +1420,14 @@ sub save_defaults {
$sth_defcheck->execute() || $form->dberror("execute defaults $_");
while(my $found1=$sth_defcheck->fetchrow()){$found=$found1;}
- if($val ne '')
- {
- if($found)
+ if($found)
{
- $dbh->do("update defaults set value='$val' where setting_key='$_';");
+ $dbh->do("update defaults set value=" . $dbh->quote($val) . " where setting_key='$_';");
}
else
{
- $dbh->do("insert into defaults(value,setting_key) values('$val','$_');");
+ $dbh->do("insert into defaults(value,setting_key) values(" . $dbh->quote($val) . ",'$_');");
}
- }
- else
- {
- if($found){$dbh->do("delete from defaults where setting_key='$_';")};
-
- }
}