SQL injection fix.

Google "sanitizing SQL input". Almost every single article explains why you should never attempt to roll your own function to do this.
MrStonedOne
2014-08-08 00:15:33 -07:00
committed by Mloc-Argent
parent f9a07a16ef
commit f396b94068


@@ -15,9 +15,7 @@
// Run all strings to be used in an SQL query through this proc first to properly escape out injection attempts.
/proc/sanitizeSQL(var/t as text)
var/sanitized_text = replacetext(t, "'", "\\'")
sanitized_text = replacetext(sanitized_text, "\"", "\\\"")
return sanitized_text
return dbcon.Quote(t);
/*
* Text sanitization
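Review bot: the comment kept at the top of this hunk still tells callers to run strings through sanitizeSQL to "escape" them, but the new body returns `dbcon.Quote(t)`; if Quote() returns a complete quoted literal rather than only the escaped text, every call site that already wraps the result in its own quotes (e.g. `'[sanitizeSQL(x)]'`) must change together with this proc, and the comment should say which form the proc now returns. It is also worth stating in the comment why the removed replacetext() version was retired: it only rewrote `'` and `"` and left backslashes and other characters untouched, so it could not be relied on, whereas the database connection's own quoting routine knows the server's actual escaping rules.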