From b6bb4c13dfe7d4c7c67b335acb87c4e2894b3e9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20L=C3=B8vbr=C3=B8tte=20Olsen?=
Date: Mon, 16 May 2016 11:53:55 +0200
Subject: [PATCH] escape sql strings

---
 blomzt/main.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/blomzt/main.php b/blomzt/main.php
index 126af19..e6f85a0 100644
--- a/blomzt/main.php
+++ b/blomzt/main.php
@@ -90,10 +90,11 @@ function TableExists($table, $conn) {
 }

 function addToTable($lat, $lon, $url, $table, $conn) {
+ $lat = mysqli_real_escape_string($conn, $lat);
+ $lon = mysqli_real_escape_string($conn, $lon);
 settype($lat, "double");
 settype($lon, "double");
 $sql = "INSERT INTO `" . $table . "` (`id`, `location`, `url`, `date_added`) VALUES (NULL, GeomFromText('POINT(" . $lon ." " . $lat . ")',4326), 'test', CURRENT_TIMESTAMP)";
- //$sql = mysqli_real_escape_string($conn, $sql);
 //printf($sql);
 $res = mysqli_query($conn, $sql);
 //($res) ? printf("true") : printf("false");
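Review bot: The `$table` argument is still concatenated into the backtick-quoted identifier of the INSERT in addToTable, and the added escaping does not cover it; `mysqli_real_escape_string` would not help there anyway, because it does not escape backticks. If `$table` can be influenced by a caller (not visible in this hunk), check it against a fixed pattern or an allow-list of known table names before building the query, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { return false; }`, adapting the failure path to whatever the function returns. The two new escape calls on `$lat` and `$lon` are redundant, since the `settype(..., "double")` casts that follow are what actually force those values to be numeric; a prepared statement with bound parameters would make that intent explicit. addToTable's body continues past the end of the hunk.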