PDA

View Full Version : [BUG} clancp.php


animedj
03-14-2005, 11:22 AM
so this bug when an user was trying to join a clan, he was using a single quote in the group's name field and the database was throwing an error.

find in clancp.php

$clanage = $DB_site->query_first("SELECT * FROM ".TABLE_PREFIX."rpg_clan WHERE title='$title' AND pass='$pickclan'");

add before that


$title = mysql_real_escape_string($title);
$pickclan = mysql_real_escape_string($pickclan);

Revan
03-14-2005, 12:01 PM
I was under the impression this was already fixed pre release.
You see my HDD has had some problems and I lost some work at least 4 times, this would then be one of those situations.
I will modify the code and upload a fix in 1h from writing this message.