diff options
| author | Falk Huber <falk.huber@t-systems.com> | 2016-01-08 09:41:19 +0100 |
|---|---|---|
| committer | Falk Huber <falk.huber@t-systems.com> | 2016-01-08 09:41:19 +0100 |
| commit | 5c5ee9e953dd0caf978630b1c3147447d6cb58a7 (patch) | |
| tree | 61d45d66eec1e7d8139feb7c5ffe06df6feafc62 | |
| parent | 439c70054d789f9bd288f20bd59039778487a9b7 (diff) | |
| download | adodb-5c5ee9e953dd0caf978630b1c3147447d6cb58a7.tar.gz adodb-5c5ee9e953dd0caf978630b1c3147447d6cb58a7.tar.bz2 adodb-5c5ee9e953dd0caf978630b1c3147447d6cb58a7.zip | |
Cast $nrows and $offset to to prevent SQL injection
| -rw-r--r-- | adodb.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/adodb.inc.php b/adodb.inc.php index 09b5d38d..4507bb9c 100644 --- a/adodb.inc.php +++ b/adodb.inc.php @@ -1516,7 +1516,7 @@ if (!defined('_ADODB_LAYER')) { '/(^\s*select\s)/i','\\1 '.$this->hasTop.' '.((integer)$nrows).' ',$sql); } } else { - $nn = $nrows + $offset; + $nn = ((integer)$nrows) + ((integer)$offset); if ($isaccess || $ismssql) { $sql = preg_replace( '/(^\s*select\s+(distinctrow|distinct)?)/i','\\1 '.$this->hasTop.' '.$nn.' ',$sql); |