samimave / car-pool

Automatically exported from code.google.com/p/car-pool

MySQL injection attack protection #52

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
In some cases the user's input is handed directly to the database. This is very bad. We found issues in the comment system and also in the additional info field on the addaride page.

Original issue reported on code.google.com by arlo.pho...@gmail.com on 14 Oct 2008 at 9:47

GoogleCodeExporter commented 9 years ago
I made a class which changes HTML special characters, and now these are changed before they are stored in the db. For the cases mentioned above this resolves the issue. More work should be done to make sure everything else is safe, but I can't be bothered.

Original comment by arlo.pho...@gmail.com on 14 Oct 2008 at 9:49
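The two comments above describe the defect (request input spliced into SQL text) and a fix that works at the wrong layer (HTML-escaping before storage). The following is an added example, not code from the car-pool project, whose language and schema are not shown in the issue; it uses Python's built-in `sqlite3` with a constructed `comments` table standing in for the comment system. It contrasts string concatenation with parameter binding for both the numeric lookup and the text insert, and shows the check a reviewer would run against the described fix: HTML-escaping leaves a numeric-context input untouched, while a legitimate apostrophe in a comment body is enough to break the concatenated insert.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory schema and rows (assumed; not the project's real tables)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, ride_id INTEGER, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO comments (ride_id, body) VALUES (?, ?)",
        [(1, "see you at the station"), (2, "driver-only note")],
    )
    return conn


def comments_unsafe(conn, ride_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text."""
    sql = "SELECT body FROM comments WHERE ride_id = " + ride_id
    return [row[0] for row in conn.execute(sql)]


def comments_html_escaped(conn, ride_id):
    """Same query after HTML-escaping the input, the kind of fix the issue describes."""
    return comments_unsafe(conn, html.escape(ride_id, quote=True))


def comments_safe(conn, ride_id):
    """Fixed: validate the expected type, then let the driver bind the value."""
    try:
        rid = int(ride_id)
    except ValueError:
        return []
    cur = conn.execute("SELECT body FROM comments WHERE ride_id = ?", (rid,))
    return [row[0] for row in cur]


def add_comment_unsafe(conn, ride_id, body):
    """Vulnerable insert: any quote in the body terminates the string literal early."""
    conn.execute(
        "INSERT INTO comments (ride_id, body) VALUES (%d, '%s')" % (ride_id, body)
    )


def add_comment_safe(conn, ride_id, body):
    """Fixed insert: the body is bound as a parameter and stored verbatim.
    HTML escaping belongs at render time, not in the database."""
    conn.execute(
        "INSERT INTO comments (ride_id, body) VALUES (?, ?)", (ride_id, body)
    )


def stored_body(conn, comment_id):
    row = conn.execute(
        "SELECT body FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Runs the three lookups and both inserts; returns the observations."""
    conn = make_db()
    results = {}

    # Numeric context: the input contains no HTML metacharacters, so escaping
    # changes nothing and both concatenating versions return every comment.
    # The parameterized version rejects the non-integer and returns nothing.
    bad_id = "1 OR 1=1"
    results["unsafe"] = comments_unsafe(conn, bad_id)
    results["html_escaped"] = comments_html_escaped(conn, bad_id)
    results["safe"] = comments_safe(conn, bad_id)

    # Text context: an ordinary apostrophe breaks the concatenated insert,
    # while the bound parameter stores the body exactly as typed.
    body = "O'Brien's spot is free"
    try:
        add_comment_unsafe(conn, 1, body)
        results["unsafe_insert_error"] = None
    except sqlite3.OperationalError as exc:
        results["unsafe_insert_error"] = type(exc).__name__
    add_comment_safe(conn, 1, body)
    results["stored"] = stored_body(conn, 3)  # third row; the failed insert wrote nothing
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point the comparison makes for this issue: escaping for one output context (HTML) does not neutralize input for another (SQL), and it also corrupts what is stored. Binding parameters fixes the database side regardless of content, and the stored text can then be HTML-escaped once, when it is rendered.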