$err1[] = 'Database already exists.';
}
} else {
- $msg1[] = 'Database `'.$dbname.'` created.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` created.';
}
$i_newdb = $dbname;
return array($msg1, $err1);
$dropdbs = array_keys($i_drop);
foreach($dropdbs as $dbname) {
if ($User->delDB($dbname)) {
- $msg1[] = 'Database `'.$dbname.'` dropped.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` dropped.';
} else {
$err1[] = mysql_error();
}