From 7a265593b8002780e7941703a412d9c2e2ff29d2 Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:35:19 +0100
Subject: [PATCH] Fix SQL injection in ipn.php
---
 ipn.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ipn.php b/ipn.php
index 2ffb09f..208b521 100644
--- ipn.php
+++ ipn.php
@@ -65,9 +65,9 @@
 $payment_status = $_POST['payment_status'];
 $payment_amount = $_POST['mc_gross'];
 $payment_currency = $_POST['mc_currency'];
- $txn_id = $_POST['txn_id'];
- $receiver_email = $_POST['receiver_email'];
- $payer_email = $_POST['payer_email'];
+ $txn_id = getValue($_POST['txn_id']);
+ $receiver_email = getValue($_POST['receiver_email']);
+ $payer_email = getValue($_POST['payer_email']);
 $custom = (int)$_POST['custom'];
 $connectedIp = $_SERVER['REMOTE_ADDR'];
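Review bot: `$payment_status`, `$payment_amount` and `$payment_currency` in the context lines at the top of the hunk are still assigned straight from `$_POST`, while only the three values below them now go through `getValue()`. The queries themselves are outside the hunk, so it needs checking whether any of those three is interpolated into SQL later in ipn.php; if so, the minimum is `$payment_status = getValue($_POST['payment_status']);` and the same for `mc_gross` and `mc_currency`. `getValue()` is not defined in the visible lines and presumably escapes for SQL. If it does, escaping at assignment also changes the value seen by any later non-SQL use, such as comparing `$receiver_email` with a configured address. Binding the values as parameters of a prepared statement at the query would avoid both problems and would not depend on every new POST field being wrapped by hand.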