[svn r21163] Added escape string to $display['display'] - partial FS#4269

17 years ago · bc67bd3ad8
parent 335c279ab1
commit bc67bd3ad8
1 changed files with 1 additions and 1 deletions
--- a/main/gradebook/lib/scoredisplay.class.php
+++ b/main/gradebook/lib/scoredisplay.class.php
@ -199,7 +199,7 @@ class ScoreDisplay
 			if ($count > 0) {
 				$sql .= ',';				
 			}
-			$sql .= "(NULL, '".$display['score']."', '".$display['display']."')";
+			$sql .= "(NULL, '".$display['score']."', '".Database::escape_string($display['display'])."')";
 			$count++;
 		}
 		api_sql_query($sql, __FILE__, __LINE__);