mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-12 23:56:08 +00:00
fix: remove SQL injections in Admin
This commit is contained in:
@@ -14,7 +14,11 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$uid = $_POST['uid'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$uid = (int) $_POST['uid'];
|
||||
$topic = $_POST['topic'];
|
||||
$message = $_POST['message'];
|
||||
$time = time();
|
||||
|
||||
Reference in New Issue
Block a user