lokizito
Veteran Member
Join Date: Dec 2010
Location: Brazil
04-26-2011, 18:56   [CS:S] RankMe   #6

Quote:
Originally Posted by psychonic
@ lokizito

I highly suggest reading up on SQL_EscapeString.

You cannot safely toss data provided by a user (such as name) directly into a query.

I advise against anyone running this until the injection holes are fixed.

Really, thank you psychonic. I know that I need to do it (due to programming PHP) but I'd totally forgotten about it.
EDIT: Already fixed, but wouldn't it be enough to just replace the ' with nothing, as I was doing?

Quote:
Originally Posted by krispx
lokizito, when a hostage is rescued, the chat writes bomb defuse

Thanks, I copied the part from bomb defuse and forgot to rewrite it.

Fixing...

EDIT: Fixed. The fixed version is on the first post.

Last edited by lokizito; 04-26-2011 at 20:30.
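
Added example, not part of lokizito's post or of the RankMe plugin: one way to apply the SQL_EscapeString advice quoted above to a player name before it is formatted into a query. The handle `g_hDatabase`, the function names, and the `players` table with its `steam` and `name` columns are hypothetical. Escaping is done by the driver for the connected database and keeps names that contain an apostrophe intact, rather than altering them.

```sourcepawn
#include <sourcemod>

// Assumed: a database handle opened elsewhere in the plugin.
new Handle:g_hDatabase = INVALID_HANDLE;

// Hypothetical helper: store a player's current name.
// Table "players" and columns "steam"/"name" are placeholders,
// not the schema RankMe actually uses.
UpdatePlayerName(client)
{
    if (g_hDatabase == INVALID_HANDLE || !IsClientInGame(client))
        return;

    decl String:name[MAX_NAME_LENGTH];
    decl String:steam[32];
    if (!GetClientName(client, name, sizeof(name)))
        return;
    if (!GetClientAuthString(client, steam, sizeof(steam)))
        return;

    // Worst case every character is escaped, so size buffers 2*len+1.
    decl String:safeName[MAX_NAME_LENGTH * 2 + 1];
    decl String:safeSteam[65];
    if (!SQL_EscapeString(g_hDatabase, name, safeName, sizeof(safeName))
        || !SQL_EscapeString(g_hDatabase, steam, safeSteam, sizeof(safeSteam)))
    {
        // Returns false when the output buffer is too small.
        LogError("Could not escape player data, skipping update");
        return;
    }

    // Only escaped values are placed inside the quoted literals.
    decl String:query[512];
    Format(query, sizeof(query),
        "UPDATE players SET name = '%s' WHERE steam = '%s'",
        safeName, safeSteam);
    SQL_TQuery(g_hDatabase, OnNameUpdated, query, GetClientUserId(client));
}

// Threaded query callback: log failures instead of dropping them silently.
public OnNameUpdated(Handle:owner, Handle:hndl, const String:error[], any:data)
{
    if (hndl == INVALID_HANDLE)
        LogError("Name update failed: %s", error);
}
```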