author | Dries Buytaert <dries@buytaert.net> | 2001-03-12 18:52:38 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2001-03-12 18:52:38 +0000 |
commit | dfe85cca4a163f0e0eca284d8557460cdce2aaa9 (patch) | |
tree | a6c8ea1561ba4244a4c4d63a218e1e4524361d06 | |
parent | f96497e214a47a1cd7bea9f0792538abf7de93ec (diff) | |
- fixed small bug in submit.php
-rw-r--r-- | submit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/submit.php b/submit.php
index e4bd2b4da..fb06dfc41 100644
--- a/submit.php
+++ b/submit.php
@@ -66,7 +66,7 @@ function submit_preview($subject, $abstract, $article, $section) {
 $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". check_textarea($article) ."</TEXTAREA><BR>\n";
 $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html) .".</I></SMALL><P>\n";
- $duplicate = db_result(db_query("SELECT COUNT(id) FROM stories WHERE subject = '$subject'"));
+ $duplicate = db_result(db_query("SELECT COUNT(id) FROM stories WHERE subject = '". check_input($subject) ."'"));
 if (empty($subject)) {
 $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply a subject.") ."</FONT><P>\n"; |
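Review bot: The added `$duplicate` query is still built by string concatenation, so its safety rests entirely on `check_input()`, whose definition is not in this hunk. If that helper is a general input filter rather than a database escaper, confirm that it escapes quotes and backslashes for the database in use and that it yields the same form of the subject that is stored on insert; otherwise the duplicate count compares against a value that never matches. I would add a comment above the line such as `// $subject is presumably request input; check_input() must quote-escape it for SQL and match the stored form`. The lookup also runs before the `empty($subject)` check that follows, so it could move into an `else` branch of that check to skip a pointless query. submit_preview() starts and ends outside the hunk, so any other use of `$subject` in it is not visible here.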