bug 1138: Avoid double escaping
authorMichael Tänzer <neo@nhng.de>
Wed, 30 Apr 2014 21:29:24 +0000 (23:29 +0200)
committerMichael Tänzer <neo@nhng.de>
Thu, 1 May 2014 00:11:07 +0000 (02:11 +0200)
Yes it's ugly but should be fixed in a separate bug

Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/account.php

index 7fc5ef2..ab30813 100644 (file)
@@ -151,7 +151,7 @@ function buildSubjectFromSession() {
                        exit;
                }
                $hash = make_hash();
-               $query = "insert into `email` set `email`='".mysql_real_escape_string($_REQUEST['email'])."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
+               $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
                mysql_query($query);
                $emailid = mysql_insert_id();