sanitising

author: Cassio de Campos <cassiopc@gmail.com> 2017-07-31 19:29:41 +0000
committer: Cassio de Campos <cassiopc@gmail.com> 2017-07-31 19:29:41 +0000
commit: 00de0ce0817f36b5acba70362a4c30c8fa7aaf11 (patch)
tree: a1212e95b472d75687741132d9055e416a558830 /src/fanswer.php
parent: e90144b4cc0feba26ee2f972b032c44d187b6bff (diff)
download: boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.tar.gz
boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/fanswer.php b/src/fanswer.php
index c53843d..8f2c95b 100644
--- a/src/fanswer.php
+++ b/src/fanswer.php
@@ -63,7 +63,7 @@ function DBDeleteAnswer($contest,$param,$c=null) {
 	$ac=array('number');
 	foreach($ac as $key) {
 		if(!isset($param[$key])) return false;
-		$$key = sanitizeText($param[$key]);
+		$$key = myhtmlspecialchars($param[$key]);
 	}
 
 	$cw = false;
@@ -106,7 +106,7 @@ function DBNewAnswer($contest, $param, $c=null) {
 			MSGError("DBNewAnswer param error: $key is not set");
 			return false;
 		}
-		$$key = sanitizeText($param[$key]);
+		$$key = myhtmlspecialchars($param[$key]);
 		if(isset($type[$key]) && !is_numeric($param[$key])) {
 			MSGError("DBNewAnswer param error: $key is not numeric");
 			return false;
author	Cassio de Campos <cassiopc@gmail.com>	2017-07-31 19:29:41 +0000
committer	Cassio de Campos <cassiopc@gmail.com>	2017-07-31 19:29:41 +0000
commit	00de0ce0817f36b5acba70362a4c30c8fa7aaf11 (patch)
tree	a1212e95b472d75687741132d9055e416a558830 /src/fanswer.php
parent	e90144b4cc0feba26ee2f972b032c44d187b6bff (diff)
download	boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.tar.gz boca-00de0ce0817f36b5acba70362a4c30c8fa7aaf11.zip