Adds sanitization to custom item queries

This commit is contained in:
Krausus
2016-08-19 20:34:44 -04:00
parent 98989aa19c
commit d670aa4617
+1 -1
View File
@@ -3,7 +3,7 @@
return
// Grab the info we want.
var/DBQuery/query = dbcon.NewQuery("SELECT cuiPath, cuiPropAdjust, cuiJobMask, cuiDescription, cuiItemName FROM [format_table_name("customuseritems")] WHERE cuiCKey='[M.ckey]' AND (cuiRealName='[M.real_name]' OR cuiRealName='*')")
var/DBQuery/query = dbcon.NewQuery("SELECT cuiPath, cuiPropAdjust, cuiJobMask, cuiDescription, cuiItemName FROM [format_table_name("customuseritems")] WHERE cuiCKey='[M.ckey]' AND (cuiRealName='[sanitizeSQL(M.real_name)]' OR cuiRealName='*')")
query.Execute()
while(query.NextRow())