From: Pradeep Nayak Date: Mon, 24 Aug 2015 21:15:29 +0000 (+0530) Subject: CRM-16617, used safe approach method to generate create database query X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=65a138ebd5c06f87e1c56bea2fda0a253d427ee9;p=civicrm-core.git CRM-16617, used safe approach method to generate create database query ---------------------------------------- * CRM-16617: https://issues.civicrm.org/jira/browse/CRM-16617
---
diff --git a/install/index.php b/install/index.php
index 354fc51cd7..87a45d6d4a 100644
--- a/install/index.php
+++ b/install/index.php
@@ -1096,7 +1096,8 @@ class InstallRequirements {
 return;
 }
 else {
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 $okay = ts("Able to create a new database.");
 }
 else {
@@ -1228,8 +1229,8 @@ class Installer extends InstallRequirements {
 // skip if database already present
 return;
 }
-
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 }
 else {
 $errorTitle = ts("Oops! Could not create database %1", array(1 => $database));
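Review bot: `mysql_real_escape_string()` is the wrong tool for the `%s` in `CREATE DATABASE %s`, both in this InstallRequirements hunk and in the identical change in the Installer hunk at -1228. It escapes only characters that matter inside a quoted string literal, while `$database` sits in identifier position with no quoting at all, so spaces, backticks and other SQL syntax in the name still reach the server unchanged. The name should be handled as an identifier: wrap it in backticks and double any backtick it contains, and preferably reject anything outside an allowlist such as `/^[0-9A-Za-z_-]+$/` before the query is built. Where `$database` comes from is not visible in either hunk; presumably it is installer form input, which is what makes this worth fixing. Both enclosing methods start and end outside the hunks.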
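Review bot: The new `if (@mysql_query($query)) {` in Installer keeps an empty success branch followed by `else {`, which reads as if a statement was forgotten; `if (!@mysql_query($query)) {` with the error handling as its body says the same thing directly. The `@` also discards the server's reason for the failure. Unless the error branch, which continues outside the hunk, reports `mysql_error()`, the person running the installer learns only that creation failed, not whether the name was rejected or the account lacks the CREATE privilege.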