Quote:
Originally Posted by psychonic
@ lokizito
I highly suggest reading up on SQL_EscapeString.
You cannot safely toss data provided by a user (such as name) directly into a query.
I advise against anyone running this until the injection holes are fixed.
|
Thank you very much, psychonic. I know that I need to do it (due to programming PHP), but I totally forgot about it.
EDIT: Already fixed, but wouldn't it be enough to just replace the ' with nothing, as I was doing?
Quote:
Originally Posted by krispx
lokizito, when a hostage is rescued, the chat writes bomb defuse
|
Thanks, I copied the part from bomb defuse and forgot to rewrite it.
Fixing...
EDIT: Fixed. The fixed version is on the first post.
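
The escaping psychonic recommends, shown as an added example (not part of the original post or of the plugin's code). The `players` table, `g_hDatabase`, `SavePlayerName` and `OnNameSaved` are hypothetical names; the database handle is assumed to be connected elsewhere.

```sourcepawn
#include <sourcemod>

// Assumption: connected elsewhere, e.g. in a SQL_TConnect callback.
Handle g_hDatabase = INVALID_HANDLE;

// Hypothetical helper: store a player's name in a hypothetical `players` table.
void SavePlayerName(int client)
{
    char name[MAX_NAME_LENGTH];
    if (g_hDatabase == INVALID_HANDLE || !GetClientName(client, name, sizeof(name)))
    {
        return;
    }

    // In the worst case every byte gets escaped, so the output buffer
    // must hold 2 * length + 1 bytes.
    char safeName[MAX_NAME_LENGTH * 2 + 1];
    if (!SQL_EscapeString(g_hDatabase, name, safeName, sizeof(safeName)))
    {
        LogError("Could not escape name for client %d", client);
        return;
    }

    // Escaping keeps the name intact (deleting ' would alter it) and is done
    // by the database driver, which also covers the other characters it
    // treats as special inside a string literal (for MySQL, backslash too).
    char query[256];
    FormatEx(query, sizeof(query),
        "INSERT INTO players (name) VALUES ('%s')", safeName);

    SQL_TQuery(g_hDatabase, OnNameSaved, query, GetClientUserId(client));
}

// Threaded query callback: hndl is INVALID_HANDLE when the query failed.
public void OnNameSaved(Handle owner, Handle hndl, const char[] error, any data)
{
    if (hndl == INVALID_HANDLE)
    {
        LogError("Saving name failed (userid %d): %s", data, error);
    }
}
```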