From: Pradeep Nayak
Date: Mon, 24 Aug 2015 21:15:29 +0000 (+0530)
Subject: CRM-16617, used safe approach method to generate create database query
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=c4799e35f3e5ff27afa48025797feefe4cb01a84;p=civicrm-core.git
CRM-16617, used safe approach method to generate create database query
----------------------------------------
* CRM-16617: https://issues.civicrm.org/jira/browse/CRM-16617
---
diff --git a/install/index.php b/install/index.php
index 0295b7c6f7..313a91d25f 100644
--- a/install/index.php
+++ b/install/index.php
@@ -1159,7 +1159,8 @@ class InstallRequirements {
 return;
 }
 else {
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 $okay = ts("Able to create a new database.");
 }
 else {
@@ -1291,8 +1292,8 @@ class Installer extends InstallRequirements {
 // skip if database already present
 return;
 }
-
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 }
 else {
 $errorTitle = ts("Oops! Could not create database %1", array(1 => $database));
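Review bot: `mysql_real_escape_string($database)` does not make the database name safe in either hunk, because the value is placed unquoted as an identifier while that function only escapes characters that matter inside a quoted string literal (quotes, backslash, NUL and a few control characters). Backticks, spaces and other SQL syntax pass through unchanged, so the name can still change the statement, and a legitimate name containing a hyphen still fails. Quote the name as an identifier instead, wrapping it in backticks with any embedded backtick doubled, or reject it up front with an allowlist such as `preg_match('/^[0-9A-Za-z_]+$/', $database)`; the same applies to the second hunk in `Installer`. The function also needs an open connection and returns false on failure, which here would send a bare `CREATE DATABASE ` statement whose error the `@` hides. Both enclosing methods start and end outside the hunks.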
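Review bot: The empty success branch in `if (@mysql_query($query)) { } else {` in the `Installer` hunk reads as unfinished; negating the condition, `if (!@mysql_query($query)) {`, removes the empty block and the dangling `else`. The query construction is now duplicated between `InstallRequirements` and `Installer`, so a small shared method that builds the statement would keep the two call sites from drifting apart when the quoting is corrected. The `else` body continues past the end of the hunk.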