animedj
03-14-2005, 11:22 AM
so this bug when an user was trying to join a clan, he was using a single quote in the group's name field and the database was throwing an error.
find in clancp.php
$clanage = $DB_site->query_first("SELECT * FROM ".TABLE_PREFIX."rpg_clan WHERE title='$title' AND pass='$pickclan'");
add before that
$title = mysql_real_escape_string($title);
$pickclan = mysql_real_escape_string($pickclan);
find in clancp.php
$clanage = $DB_site->query_first("SELECT * FROM ".TABLE_PREFIX."rpg_clan WHERE title='$title' AND pass='$pickclan'");
add before that
$title = mysql_real_escape_string($title);
$pickclan = mysql_real_escape_string($pickclan);