fix: query blob param escape (#200)

Gabriel Pedro 2022-07-30 16:47:44 -04:00 committed by GitHub
parent b6c8a0923f
commit d99f507244
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -253,8 +253,10 @@ class CreateCharacter
} }
$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId().""); $loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
foreach($loaded_items_to_copy as $save_item) foreach($loaded_items_to_copy as $save_item) {
$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');"); $blob = addslashes($save_item['attribute']);
$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '{$blob}');");
}
global $twig; global $twig;
$twig->display('success.html.twig', array( $twig->display('success.html.twig', array(
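Review bot: The added line `$blob = addslashes($save_item['attribute']);` reads the key `attribute`, while the INSERT column and the removed line both use `attributes`; unless the row really carries an `attribute` key, `$blob` is built from an undefined index and every copied item is stored with empty attributes. It should read `$save_item['attributes']`. Separately, `addslashes()` is not a SQL escape: it knows nothing about the connection character set or the server's SQL mode, and binary blob data is where that difference matters most. If `$db` is a PDO-based wrapper, prefer `$db->quote($save_item['attributes'])` (which returns the value already quoted) or a prepared statement with bound parameters, and apply the same treatment to the other interpolated columns. The enclosing method starts and ends outside the hunk.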