From b72c53f68f3c222eb8965ae8674fb0f93507021a Mon Sep 17 00:00:00 2001
From: Stanislas Dolcini
Date: Tue, 2 Oct 2018 22:47:40 +0200
Subject: [PATCH] Do not reuse parameters variable names, just don't
---
 code/web/public_php/login/r2_login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/code/web/public_php/login/r2_login.php b/code/web/public_php/login/r2_login.php
index 854c4feab..843f12b85 100755
--- a/code/web/public_php/login/r2_login.php
+++ b/code/web/public_php/login/r2_login.php
@@ -190,8 +190,8 @@ function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$r
 if (mysqli_num_rows($result) == 0) {
 if ($AcceptUnknownUser) {
 // login doesn't exist, create it
- $password = mysqli_real_escape_string($link, $password);
- $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
+ $escaped_password = $mysqli->escape_string($password);
+ $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$escaped_password')";
 $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 // get the user to have his UId
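Review bot: `$mysqli` is not defined anywhere in this hunk, while the surrounding lines use the procedural handle `$link` (`mysqli_query($link, …)`, `mysqli_error($link)`), so unless an object of that name is created outside the visible lines, the new `$mysqli->escape_string($password)` call fails at runtime on the account-creation path. The rename can stay while escaping through the existing connection: `$escaped_password = mysqli_real_escape_string($link, $password);`. Since `$login` and `$password` are function parameters that presumably carry request data, binding them in a prepared INSERT would remove the dependence on every value being escaped by hand with the right connection. Separately, the unchanged `die(errorMsgBlock(3006, $query, …))` line passes the full query text, password value included, to the error helper; if that helper prints or logs its arguments, the credential ends up in the output, so it is worth passing a redacted query there. checkUserValidity begins and ends outside this hunk, so where `$login` is escaped could not be checked from here.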