From 590892348a5f534e6721506109dbf174f03cc9bd Mon Sep 17 00:00:00 2001 From: Martin Ambrus Date: Fri, 20 Oct 2017 00:52:47 +0200 Subject: [PATCH] fix: potential SQL injection --- GameEngine/Admin/Mods/addABTroops.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/GameEngine/Admin/Mods/addABTroops.php b/GameEngine/Admin/Mods/addABTroops.php index 8f1abf0b..94d84a18 100755 --- a/GameEngine/Admin/Mods/addABTroops.php +++ b/GameEngine/Admin/Mods/addABTroops.php @@ -19,8 +19,8 @@ $user = $database->getUserArray($village['owner'],1); $atech=""; $btech=""; for($i=1; $i<9; $i++) { - $atech.="a".$i."=".$_POST['a'.$i].", "; - $btech.="b".$i."=".$_POST['b'.$i].(($i > 7) ? "" : ", "); + $atech.="a".$i."=".$database->escape($_POST['a'.$i]).", "; + $btech.="b".$i."=".$database->escape($_POST['b'.$i]).(($i > 7) ? "" : ", "); } $q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id";