fix: remove SQL injections in Admin

This commit is contained in:
Martin Ambrus
2017-10-19 21:17:11 +02:00
parent 529bb2209c
commit 331885a110
74 changed files with 327 additions and 221 deletions
+5 -1
View File
@@ -14,7 +14,11 @@ mysqli_select_db(SQL_DB);
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
$uid = $_POST['uid'];
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
}
$uid = (int) $_POST['uid'];
$topic = $_POST['topic'];
$message = $_POST['message'];
$time = time();