mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-13 08:06:06 +00:00
fix: remove SQL injections in Admin
This commit is contained in:
@@ -18,7 +18,11 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
|
||||
f1 = '".$_POST['id1level']."',
|
||||
|
||||
Reference in New Issue
Block a user