Escape username and password in setup
This should not be a big issue since only privileged users should be
able to reach the setup, but it's good to have nevertheless.
Using prepared statements seemed unfortunately not possibly, so I had to
choose `mysqli_real_escape_string`.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Please register or sign in to comment