diff options
author | Haru <haru@dotalux.com> | 2016-08-16 01:31:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-16 01:31:41 +0200 |
commit | 225f499e1eae19946af8fb9347286a99bab99ac2 (patch) | |
tree | 10056ec226bed643fdba43db540ac4fa6f1aa255 /src/char | |
parent | a737812d7ceadb8ee02dae88131b968f459c0fe3 (diff) | |
parent | 5e2d5385617644a4ff02074ef213c72fc33f1fe3 (diff) | |
download | hercules-225f499e1eae19946af8fb9347286a99bab99ac2.tar.gz hercules-225f499e1eae19946af8fb9347286a99bab99ac2.tar.bz2 hercules-225f499e1eae19946af8fb9347286a99bab99ac2.tar.xz hercules-225f499e1eae19946af8fb9347286a99bab99ac2.zip |
Merge pull request #1400 from 4144/sqlfix
Add missing sql escapes in char server
Diffstat (limited to 'src/char')
-rw-r--r-- | src/char/char.c | 2 | ||||
-rw-r--r-- | src/char/inter.c | 7 |
2 files changed, 6 insertions, 3 deletions
diff --git a/src/char/char.c b/src/char/char.c index 51411791e..2851d3eba 100644 --- a/src/char/char.c +++ b/src/char/char.c @@ -805,7 +805,7 @@ int char_memitemdata_to_sql(const struct item items[], int max, int id, int tabl StrBuf->Printf(&buf, "UPDATE `%s` SET `amount`='%d', `equip`='%u', `identify`='%d', `refine`='%d',`attribute`='%d', `expire_time`='%u', `bound`='%d'", tablename, items[i].amount, items[i].equip, items[i].identify, items[i].refine, items[i].attribute, items[i].expire_time, items[i].bound); for (j = 0; j < MAX_SLOTS; ++j) - StrBuf->Printf(&buf, ", `card%d`=%d", j, items[i].card[j]); + StrBuf->Printf(&buf, ", `card%d`='%d'", j, items[i].card[j]); if (has_favorite) StrBuf->Printf(&buf, ", `favorite`='%d'", items[i].favorite); StrBuf->Printf(&buf, " WHERE `id`='%d' LIMIT 1", item.id); diff --git a/src/char/inter.c b/src/char/inter.c index 756ae32c7..5fb35e6aa 100644 --- a/src/char/inter.c +++ b/src/char/inter.c @@ -572,6 +572,7 @@ void mapif_parse_accinfo2(bool success, int map_fd, int u_fd, int u_aid, int acc **/ void inter_savereg(int account_id, int char_id, const char *key, unsigned int index, intptr_t val, bool is_string) { + char val_esq[1000]; nullpo_retv(key); /* to login server we go! */ if( key[0] == '#' && key[1] == '#' ) {/* global account reg */ @@ -583,7 +584,8 @@ void inter_savereg(int account_id, int char_id, const char *key, unsigned int in } else if ( key[0] == '#' ) {/* local account reg */ if( is_string ) { if( val ) { - if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`account_id`,`key`,`index`,`value`) VALUES ('%d','%s','%u','%s')", acc_reg_str_db, account_id, key, index, (char*)val) ) + SQL->EscapeString(inter->sql_handle, val_esq, (char*)val); + if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`account_id`,`key`,`index`,`value`) VALUES ('%d','%s','%u','%s')", acc_reg_str_db, account_id, key, index, val_esq) ) Sql_ShowDebug(inter->sql_handle); } else { if( SQL_ERROR == SQL->Query(inter->sql_handle, "DELETE FROM `%s` WHERE `account_id` = '%d' AND `key` = '%s' AND `index` = '%u' LIMIT 1", acc_reg_str_db, account_id, key, index) ) @@ -601,7 +603,8 @@ void inter_savereg(int account_id, int char_id, const char *key, unsigned int in } else { /* char reg */ if( is_string ) { if( val ) { - if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`char_id`,`key`,`index`,`value`) VALUES ('%d','%s','%u','%s')", char_reg_str_db, char_id, key, index, (char*)val) ) + SQL->EscapeString(inter->sql_handle, val_esq, (char*)val); + if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`char_id`,`key`,`index`,`value`) VALUES ('%d','%s','%u','%s')", char_reg_str_db, char_id, key, index, val_esq) ) Sql_ShowDebug(inter->sql_handle); } else { if( SQL_ERROR == SQL->Query(inter->sql_handle, "DELETE FROM `%s` WHERE `char_id` = '%d' AND `key` = '%s' AND `index` = '%u' LIMIT 1", char_reg_str_db, char_id, key, index) ) |