From 2c82255179718627a98ee7c4c8af42bfbe51635b Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Tue, 10 Mar 2026 17:29:17 +0200
Subject: [PATCH] Fix MySQL save handlers with parameterized SQL deletes (#8)
---
 mysql/save_cpriv.cgi | 8 ++++----
 mysql/save_db.cgi | 4 ++--
 mysql/save_host.cgi | 4 ++--
 mysql/save_tpriv.cgi | 7 ++++---
 mysql/save_user.cgi | 4 ++--
 mysql/save_vars.cgi | 5 +++--
 6 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/mysql/save_cpriv.cgi b/mysql/save_cpriv.cgi
index 51d8a19ca..97d415f2e 100755
--- a/mysql/save_cpriv.cgi
+++ b/mysql/save_cpriv.cgi
@@ -11,10 +11,10 @@ if ($in{'delete'}) {
 $access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
 &error($text{'perms_edb'});
 &execute_sql_logged($master_db,
- "delete from columns_priv where user = '$in{'olduser'}' ".
- "and host = '$in{'oldhost'}' and db = '$in{'olddb'}' ".
- "and table_name = '$in{'oldtable'}' ".
- "and column_name = '$in{'oldfield'}'");
+ "delete from columns_priv where user = ? and host = ? ".
+ "and db = ? and table_name = ? and column_name = ?",
+ $in{'olduser'}, $in{'oldhost'}, $in{'olddb'},
+ $in{'oldtable'}, $in{'oldfield'});
 }
 else {
 # Validate inputs
diff --git a/mysql/save_db.cgi b/mysql/save_db.cgi
index bc5502ef3..0afed8a17 100755
--- a/mysql/save_db.cgi
+++ b/mysql/save_db.cgi
@@ -11,8 +11,8 @@ if ($in{'delete'}) {
 $access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
 &error($text{'perms_edb'});
 &execute_sql_logged($master_db,
- "delete from db where user = '$in{'olduser'}' ".
- "and host = '$in{'oldhost'}' and db = '$in{'olddb'}'");
+ "delete from db where user = ? and host = ? and db = ?",
+ $in{'olduser'}, $in{'oldhost'}, $in{'olddb'});
 }
 else {
 # Validate inputs
diff --git a/mysql/save_host.cgi b/mysql/save_host.cgi
index 911be69b6..c6006732e 100755
--- a/mysql/save_host.cgi
+++ b/mysql/save_host.cgi
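Review bot: The bind values `$in{'olduser'}`, `$in{'oldhost'}`, `$in{'olddb'}`, `$in{'oldtable'}` and `$in{'oldfield'}` on the added lines go into the delete exactly as received, with no check that they are present; a request that omits one binds an empty string, and an empty string is a real key in the grant tables (MySQL's anonymous account has an empty user), so the statement could match a row other than the one the form named instead of doing nothing. A guard ahead of the call such as `$in{'olduser'} ne '' && $in{'oldhost'} ne '' || &error("user and host are required");` (message constructed here) makes that case fail loudly; the same applies to the deletes in save_db.cgi, save_host.cgi, save_tpriv.cgi and save_user.cgi in this patch. The placeholder form also presumes `execute_sql_logged` forwards its trailing arguments as bind values on every back end it supports, which is not visible in this hunk and is worth confirming before relying on it. The `if ($in{'delete'})` block opens on the hunk header and its `else` branch continues past the hunk.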
@@ -11,8 +11,8 @@ if ($in{'delete'}) {
 $access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
 &error($text{'perms_edb'});
 &execute_sql_logged($master_db,
- "delete from host where host = '$in{'oldhost'}' ".
- "and db = '$in{'olddb'}'");
+ "delete from host where host = ? and db = ?",
+ $in{'oldhost'}, $in{'olddb'});
 }
 else {
 # Validate inputs
diff --git a/mysql/save_tpriv.cgi b/mysql/save_tpriv.cgi
index a7ff98bae..73cf99bf1 100755
--- a/mysql/save_tpriv.cgi
+++ b/mysql/save_tpriv.cgi
@@ -11,9 +11,10 @@ if ($in{'delete'}) {
 $access{'perms'} == 1 || &can_edit_db($in{'olddb'}) ||
 &error($text{'perms_edb'});
 &execute_sql_logged($master_db,
- "delete from tables_priv where user = '$in{'olduser'}' ".
- "and host = '$in{'oldhost'}' and db = '$in{'olddb'}' ".
- "and table_name = '$in{'oldtable'}'");
+ "delete from tables_priv where user = ? and host = ? ".
+ "and db = ? and table_name = ?",
+ $in{'olduser'}, $in{'oldhost'}, $in{'olddb'},
+ $in{'oldtable'});
 }
 else {
 # Validate inputs
diff --git a/mysql/save_user.cgi b/mysql/save_user.cgi
index d04dc9880..2bccbfaa7 100755
--- a/mysql/save_user.cgi
+++ b/mysql/save_user.cgi
@@ -9,8 +9,8 @@ $access{'perms'} == 1 || &error($text{'perms_ecannot'});
 if ($in{'delete'}) {
 # Delete some user
 &execute_sql_logged($master_db,
- "delete from user where user = '$in{'olduser'}' ".
- "and host = '$in{'oldhost'}'");
+ "delete from user where user = ? and host = ?",
+ $in{'olduser'}, $in{'oldhost'});
 }
 else {
 # Validate inputs
diff --git a/mysql/save_vars.cgi b/mysql/save_vars.cgi
index cb2ff5c19..dcd014772 100755
--- a/mysql/save_vars.cgi
+++ b/mysql/save_vars.cgi
@@ -10,9 +10,10 @@ if ($in{'save'} || !@d) {
 # Update edited
 $count = 0;
 foreach $v (keys %in) {
- if ($v =~ /^value_(\S+)$/) {
+ if ($v =~ /^value_([A-Za-z0-9_]+)$/) {
 &execute_sql_logged($master_db,
- "set global $1 = ?",
+ "set global $1 = ?",
+ $in{$v});
 $first ||= $1;
 $count++;
 }
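Review bot: `$1` is carried across the `&execute_sql_logged` call on the added `"set global $1 = ?"` line and read again in `$first ||= $1;` two lines later; Perl restores the caller's captures when the called sub's scope exits, so this works today, but naming the capture reads more clearly and survives a later edit that puts a match in between — `my $name = $1;` right after the `if`, then `"set global $name = ?"` and `$first ||= $name;`. The tightened character class is the right allowlist for a name that is still interpolated into the statement, but a `value_` key that falls outside it is now skipped with no error and no increment of `$count`, so if the variables page can list names with other characters (MySQL 8 component variables such as `validate_password.policy` contain a dot) those saves vanish silently; raising `&error` for a `value_` key that fails the check, or extending the class with `.` if such names are meant to be editable, would make the rejection visible. The `if ($in{'save'} || !@d)` block opens on the hunk header and closes past the hunk.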