authorErik Schilling <ablu.erikschilling@gmail.com>2014-02-03 22:02:35 +0100
committerErik Schilling <ablu.erikschilling@gmail.com>2014-02-03 22:02:35 +0100
commit8b7642932dffeb7e6d8a90d656791b4ff3ba15f7 (patch)
tree0e1554d6812c8b194496283f8534be8c1d896a25 /src/account-server/storage.cpp
parentb75c2b5e651373c01f3bc2b1fbb2127620f20ecc (diff)
Fixed SQL Injection
Diffstat (limited to 'src/account-server/storage.cpp')
-rw-r--r--src/account-server/storage.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/account-server/storage.cpp b/src/account-server/storage.cpp
index 25e75182..656dfad9 100644
--- a/src/account-server/storage.cpp
+++ b/src/account-server/storage.cpp
@@ -988,8 +988,7 @@ void Storage::flush(Account *account)
<< " (user_id, name, gender, hair_style, hair_color,"
<< " char_pts, correct_pts,"
<< " x, y, map_id, slot) values ("
- << account->getID() << ", \""
- << character->getName() << "\", "
+ << account->getID() << ", ?, "
<< character->getGender() << ", "
<< (int)character->getHairStyle() << ", "
<< (int)character->getHairColor() << ", "
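Review bot: Only the character name becomes a placeholder; `account->getID()`, `character->getGender()` and the cast hair values are still streamed into the statement text. The `(int)` casts suggest these are numeric and so not injectable, but `getGender()` has no cast and its return type is not visible in this hunk, so that safety rests on the getters staying numeric. If the database layer can bind non-string values, binding every column would keep the SQL text constant. Otherwise a comment above the `values (` line, such as `// name is the only string column and is bound; all other values are numeric`, would record why a single `?` is enough. The insert statement starts before and continues after this hunk.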
@@ -1001,7 +1000,9 @@ void Storage::flush(Account *account)
<< character->getCharacterSlot()
<< ");";
- mDb->execSql(sqlInsertCharactersTable.str());
+ mDb->prepareSql(sqlInsertCharactersTable.str());
+ mDb->bindValue(1, character->getName());
+ mDb->processSql();
// Update the character ID.
character->setDatabaseID(mDb->getLastId());
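Review bot: Nothing checks the outcome of `mDb->prepareSql(...)` or `mDb->processSql()` before `mDb->getLastId()` is passed to `setDatabaseID`. Whether these calls throw or return a status is not visible here; if they report failure by return value, a failed insert could leave the character with a stale or unrelated database id, so the id update should be guarded on success. Separately, the literal index in `bindValue(1, character->getName())` is tied to the position of the single `?` added in the previous hunk. A comment such as `// 1 = the name placeholder in the values list` would keep the two in step if more placeholders are added later. `Storage::flush` begins and ends outside this hunk.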