Context Navigation

index.php

Timestamp:

Nov 27, 2009, 4:54:48 PM (14 years ago)

Author:

roby

Message:

prova di modifica iniziale

File:

-              r2
+              r10
 if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
 if (isset($param['descr_circ'])) $descr_circ=intval($param['descr_circ']); else $descr_circ='';
+# anti-xss nov. 2009
+$id_comune=htmlentities($id_comune);
+$id_comune=intval($id_comune);
+$perc=floatval($perc);
+$perc_lista=floatval($perc_lista);
+$datipdf= htmlentities($datipdf);
+$op= htmlentities($op);
+$info= htmlentities($info);
+$files=htmlentities($files);
+$lettera=htmlentities($lettera);
+$ordine=htmlentities($ordine);
 $res = mysql_query("SELECT id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen' and id_comune='$id_comune'" , $dbi);

Note: See TracChangeset for help on using the changeset viewer.