#SQL injection risk


main fog
#

09:40:26 PM [ script:oxmysql] Error: cw-racingapp was unable to execute a query!
09:40:26 PM [ script:oxmysql] Query: UPDATE racer_names SET races = races + 1, wins = wins + 1 WHERE racername = "Misaka "The Autistic""
09:40:26 PM [ script:oxmysql] []
09:40:26 PM [ script:oxmysql] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'The Autistic""' at line 1

The script doesn't stop players from using quotation marks at all.
version : Latest
framework : esx legacy 1.10.7

#

It seems this error came up during account creation but didn't stop it

obsidian zenith
#

Sanitizing the input before sending the query will probably fix this. Lemme do some magic
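
The failure in the log above, reproduced next to a parameterized version of the same UPDATE. This is an added example, not part of the thread and not cw-racingapp's code: it uses Python's `sqlite3` as a stand-in for oxmysql/MariaDB, and the table layout and function names are assumptions built only from the columns visible in the logged query.

```python
import sqlite3

# Racer name exactly as it appears in the logged query.
NAME = 'Misaka "The Autistic"'

def make_db(names):
    """Constructed in-memory table holding only the columns seen in the log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE racer_names ("
               "racername TEXT PRIMARY KEY, "
               "races INTEGER DEFAULT 0, wins INTEGER DEFAULT 0)")
    # Bound parameters: quotes inside a name are stored as plain data.
    db.executemany("INSERT INTO racer_names (racername) VALUES (?)",
                   [(n,) for n in names])
    return db

def record_win_concat(db, racername):
    """Splices the name into the SQL text, which is what the logged query implies."""
    sql = ('UPDATE racer_names SET races = races + 1, wins = wins + 1 '
           'WHERE racername = "' + racername + '"')
    try:
        return db.execute(sql).rowcount
    except sqlite3.OperationalError as exc:
        # The quote inside the name ends the string literal early, so the
        # parser sees stray tokens, as in the MariaDB error in the log.
        return f"error: {exc}"

def record_win_param(db, racername):
    """Sends the name as a bound value; it is never parsed as SQL."""
    sql = ("UPDATE racer_names SET races = races + 1, wins = wins + 1 "
           "WHERE racername = ?")
    return db.execute(sql, (racername,)).rowcount

def demo():
    db = make_db([NAME, "Plain Name"])  # second name is constructed sample data
    broken = record_win_concat(db, NAME)
    updated = record_win_param(db, NAME)
    wins = dict(db.execute("SELECT racername, wins FROM racer_names").fetchall())
    return broken, updated, wins

if __name__ == "__main__":
    print(demo())
```

In oxmysql the same approach is a `?` placeholder in the query string with the values passed as a separate parameters table, so the name never becomes part of the SQL text.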