|
@@ -41,7 +41,7 @@ class user extends Conexion_Mysql {
|
41
|
41
|
}
|
42
|
42
|
|
43
|
43
|
function validateUser($user="", $password="") {
|
44
|
|
- if ($this->ejecutarConsulta("SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users WHERE login='".$user."' AND password='".$password."'")) {
|
|
44
|
+ if ($this->ejecutarConsulta("SELECT id_user, login, password FROM ".$this->conf->tablePrefix."users WHERE login='".sql_escape($user)."' AND password='".$password."'")) {
|
45
|
45
|
if ($this->contarRegistros()>0) {
|
46
|
46
|
$register=$this->obtenerRegistro();
|
47
|
47
|
$_SESSION['user_id']=$register["id_user"];
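Review bot: On the changed line only `$user` is passed through `sql_escape()`; `$password` is still concatenated into the same string literal unescaped, so the login query stays injectable through the password field. At minimum the line should end `AND password='".sql_escape($password)."'"`, and if `Conexion_Mysql` offers bound parameters (not visible here), a prepared statement would be the sturdier fix, since escaping depends on `sql_escape()` matching the connection's character set. The query also compares the `password` column directly with the supplied value, so unless the caller hashes it first (not visible in this hunk) credentials are being compared in stored form; selecting the row by login and checking with `password_verify()` would avoid that. The body of `validateUser` continues past the hunk, so whether the session id is regenerated after `$_SESSION['user_id']` is set cannot be confirmed from here.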
|