quote SQL input
This commit is contained in:
parent
6cf9edf051
commit
1bbcee1fdf
|
@ -96,16 +96,16 @@ while (my $line = <>) {
|
||||||
}
|
}
|
||||||
if ($line =~ m/data-line/ && $data eq '.' && $ooo{$sid} == 1) {
|
if ($line =~ m/data-line/ && $data eq '.' && $ooo{$sid} == 1) {
|
||||||
dolog($fh, "$sid to: $email, from: $from", $opt_l);
|
dolog($fh, "$sid to: $email, from: $from", $opt_l);
|
||||||
my $sth = doquery(qq{SELECT subject,body FROM vacation WHERE email='$email' and active=1});
|
my $sth = doquery(qq{SELECT subject,body FROM vacation WHERE email=} . $dbh->quote($email) . qq{ and active=1});
|
||||||
my $rv = $sth->rows;
|
my $rv = $sth->rows;
|
||||||
if ($rv == 1) {
|
if ($rv == 1) {
|
||||||
dolog($fh, "$sid found OOO for $email", $opt_l);
|
dolog($fh, "$sid found OOO for $email", $opt_l);
|
||||||
my @vacation_msg = $sth->fetchrow_array;
|
my @vacation_msg = $sth->fetchrow_array;
|
||||||
$sth = doquery(qq{SELECT cache FROM vacation WHERE email='$email' AND FIND_IN_SET('$from',cache)});
|
$sth = doquery(qq{SELECT cache FROM vacation WHERE email=} . $dbh->quote($email) . qq{AND FIND_IN_SET(} . $dbh->quote($from) . qq{,cache)});
|
||||||
$rv = $sth->rows;
|
$rv = $sth->rows;
|
||||||
if ($rv == 0) {
|
if ($rv == 0) {
|
||||||
dolog($fh, "$sid sending OOO to $from", $opt_l);
|
dolog($fh, "$sid sending OOO to $from", $opt_l);
|
||||||
$sth = doquery(qq{UPDATE vacation SET cache=CONCAT(cache,',','$from') WHERE email='$email'});
|
$sth = doquery(qq{UPDATE vacation SET cache=CONCAT(cache,',',} . $dbh->quote($from) . qq{) WHERE email=} . $dbh->quote($email));
|
||||||
open my $fh_email, "|-", "/usr/sbin/sendmail -t";
|
open my $fh_email, "|-", "/usr/sbin/sendmail -t";
|
||||||
print $fh_email "From: $email\n";
|
print $fh_email "From: $email\n";
|
||||||
print $fh_email "To: $from\n";;
|
print $fh_email "To: $from\n";;
|
||||||
|
|
Loading…
Reference in New Issue