mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-09 06:06:09 +00:00
fix: potential SQL injection
This commit is contained in:
@@ -19,8 +19,8 @@ $user = $database->getUserArray($village['owner'],1);
|
||||
$atech="";
|
||||
$btech="";
|
||||
for($i=1; $i<9; $i++) {
|
||||
$atech.="a".$i."=".$_POST['a'.$i].", ";
|
||||
$btech.="b".$i."=".$_POST['b'.$i].(($i > 7) ? "" : ", ");
|
||||
$atech.="a".$i."=".$database->escape($_POST['a'.$i]).", ";
|
||||
$btech.="b".$i."=".$database->escape($_POST['b'.$i]).(($i > 7) ? "" : ", ");
|
||||
}
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id";
|
||||
|
||||
Reference in New Issue
Block a user