diff options
author | Andreas Jakum <aj-gh@users.noreply.github.com> | 2020-12-26 23:06:50 +0100 |
---|---|---|
committer | Andreas Jakum <aj-gh@users.noreply.github.com> | 2020-12-26 23:06:50 +0100 |
commit | 75242961eedea7bf397c3736305ff1b4a01efd02 (patch) | |
tree | 4038984ef2f4c30d4952581a5928ecab088e7118 | |
parent | 1d5c8cb96ad9a1a9f61991a19b1362142b074430 (diff) |
Replace abused mysql_escape_string with a regex check.
-rw-r--r-- | index.php | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -1,9 +1,9 @@ <?php session_start(); -if(isset($_REQUEST['lat'])) $lat = mysql_escape_string($_REQUEST['lat']); -if(isset($_REQUEST['lng'])) $lng = mysql_escape_string($_REQUEST['lng']); -if(isset($_REQUEST['res'])) $res = $_REQUEST['res']; +if(isset($_REQUEST['lat']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lat']) $lat = $_REQUEST['lat']; +if(isset($_REQUEST['lng']) && preg_match('/^\-?[0-9\.]+$/', $_REQUEST['lng']) $lng = $_REQUEST['lng']; +if(isset($_REQUEST['res']) && preg_match('/^[0-9]+$/', $_REQUEST['res'])) $res = $_REQUEST['res']; //default values if(empty($lat)) $lat=47.07102; |