author | Erik Schilling <ablu.erikschilling@gmail.com> | 2014-02-03 22:02:35 +0100 |
---|---|---|
committer | Erik Schilling <ablu.erikschilling@gmail.com> | 2014-02-03 22:02:35 +0100 |
commit | 8b7642932dffeb7e6d8a90d656791b4ff3ba15f7 (patch) | |
tree | 0e1554d6812c8b194496283f8534be8c1d896a25 | |
parent | b75c2b5e651373c01f3bc2b1fbb2127620f20ecc (diff) | |
Fixed SQL Injection
-rw-r--r-- | src/account-server/storage.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/account-server/storage.cpp b/src/account-server/storage.cpp
index 25e75182..656dfad9 100644
--- a/src/account-server/storage.cpp
+++ b/src/account-server/storage.cpp
@@ -988,8 +988,7 @@ void Storage::flush(Account *account)
 << " (user_id, name, gender, hair_style, hair_color,"
 << " char_pts, correct_pts,"
 << " x, y, map_id, slot) values ("
- << account->getID() << ", \""
- << character->getName() << "\", "
+ << account->getID() << ", ?, "
 << character->getGender() << ", "
 << (int)character->getHairStyle() << ", "
 << (int)character->getHairColor() << ", "
@@ -1001,7 +1000,9 @@ void Storage::flush(Account *account)
 << character->getCharacterSlot() << ");";
- mDb->execSql(sqlInsertCharactersTable.str());
+ mDb->prepareSql(sqlInsertCharactersTable.str());
+ mDb->bindValue(1, character->getName());
+ mDb->processSql();
 // Update the character ID.
 character->setDatabaseID(mDb->getLastId());
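Review bot: The `?` placeholder introduced at `<< account->getID() << ", ?, "` in the first hunk is positional and only works together with the `bindValue(1, character->getName())` call in the second hunk, yet nothing at the placeholder records which parameter it is, so inserting another column in front of it later would silently desynchronise the two. A comment on the new line, `// name: bound as parameter 1 via bindValue() below`, would document that coupling. The remaining columns are still streamed into the statement text; `getHairStyle()` and `getHairColor()` are cast to int, but `getGender()` and the other values are streamed as-is, so if any of them is not a numeric type it should be bound through a placeholder in the same way rather than concatenated. `Storage::flush` starts before and continues after both hunks, so any other statements it builds are not visible here.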