Securize SQL queries

2013-07-12 07:58:46 +00:00 · 2013-07-12 07:58:46 +00:00 · 8bfd7925ce
commit 8bfd7925ce
parent 1fbedb00e7
3 changed files with 6 additions and 4 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/CDBI.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/CDBI.pm
@ -29,7 +29,8 @@ sub load {
    my ( $self, $cfgNum, $fields ) = @_;
    $fields = $fields ? join( ",", @$fields ) : '*';
    my $row = $self->_dbh->selectrow_arrayref(
-        "SELECT data from " . $self->{dbiTable} . " WHERE cfgNum=$cfgNum" );
+        "SELECT data from " . $self->{dbiTable} . " WHERE cfgNum=?",
+        {}, $cfgNum );
    unless ($row) {
        $self->logError;
        return 0;
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DBI.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DBI.pm
@ -33,7 +33,8 @@ sub load {
    my ( $self, $cfgNum, $fields ) = @_;
    $fields = $fields ? join( ",", @$fields ) : '*';
    my $row = $self->_dbh->selectrow_hashref(
-        "SELECT $fields from " . $self->{dbiTable} . " WHERE cfgNum=$cfgNum" );
+        "SELECT $fields from " . $self->{dbiTable} . " WHERE cfgNum=?",
+        {}, $cfgNum );
    unless ($row) {
        $self->logError;
        return 0;
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/_DBI.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/_DBI.pm
@ -114,8 +114,8 @@ sub unlock {

 sub delete {
    my ( $self, $cfgNum ) = @_;
-    $self->_dbh->do(
-        "DELETE from " . $self->{dbiTable} . " WHERE cfgNum=$cfgNum" );
+    $self->_dbh->do( "DELETE from " . $self->{dbiTable} . " WHERE cfgNum=?",
+        {}, $cfgNum );
 }

 sub logError {