On Tue, May 10, 2011 at 09:01:29PM -0700, elij wrote: > the query was being performed when $id was not set, resulting in an > invalid sql query being performed. > --- > web/lib/acctfuncs.inc | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc > index 5bcff8b..b2f0548 100644 > --- a/web/lib/acctfuncs.inc > +++ b/web/lib/acctfuncs.inc > @@ -786,6 +786,9 @@ function valid_passwd( $userID, $passwd ) > */ > function user_suspended( $id ) > { > + if (!$id) { > + return false; > + } > $dbh = db_connect(); > $q = "SELECT Suspended FROM Users WHERE ID = " . $id; > $result = db_query($q, $dbh);
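Review bot: The added if (!$id) guard in user_suspended() only rejects empty or zero values, so any other non-numeric $id is still concatenated straight into "SELECT Suspended FROM Users WHERE ID = " . $id. Validate or cast $id to an integer before building the query (for example with intval($id)) instead of only testing truthiness. The early return false also reports a missing id as "not suspended", so the function fails open for an unset id; either document that choice in the function comment or have the caller reject the request before it gets here.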
Looks ok, but I'd rather say we should locate the code path that led to the unset parameter and add some additional validation there to avoid further unexpected behaviour.