projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ad04c60)
CRM-16617, used safe approach method to generate create database query
authorPradeep Nayak <pradpnayak@gmail.com>
Mon, 24 Aug 2015 21:15:29 +0000 (02:45 +0530)
committerPradeep Nayak <pradpnayak@gmail.com>
Fri, 11 Sep 2015 18:53:05 +0000 (00:23 +0530)
----------------------------------------
* CRM-16617:
  https://issues.civicrm.org/jira/browse/CRM-16617

install/index.php patch | blob | blame | history

diff --git a/install/index.php b/install/index.php
index 354fc51cd7e87a44d5a7990289a7d6c3f44256a2..87a45d6d4ab49f18b0463d3a08129063eb5e8f1a 100644 (file)
--- a/install/index.php
+++ b/install/index.php
@@ -1096,7 +1096,8 @@ class InstallRequirements {
       return;
     }
     else {
-      if (@mysql_query("CREATE DATABASE $database")) {
+      $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+      if (@mysql_query($query)) {
         $okay = ts("Able to create a new database.");
       }
       else {
@@ -1228,8 +1229,8 @@ class Installer extends InstallRequirements {
       // skip if database already present
       return;
     }
-
-    if (@mysql_query("CREATE DATABASE $database")) {
+    $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+    if (@mysql_query($query)) {
     }
     else {
       $errorTitle = ts("Oops! Could not create database %1", array(1 => $database));