SQL Injection fix
prennings authored and prennings committed Dec 22, 2014
1 parent 0feeea4 commit 0a60b31
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ingame/roulette.php
Expand Up @@ -80,11 +80,11 @@

// user won
if ($numberWon == $numberPlayer) {
$dbCon->query('UPDATE users SET cash = (cash + "' . (int) ($_POST['gambleMoney'] * 36) . '") WHERE id = "' . $userData['id'] . '"');
$dbCon->query('UPDATE users SET cash = (cash + "' . (int) (addslashes($_POST['gambleMoney']) * 36) . '") WHERE id = "' . $userData['id'] . '"');
$tpl->assign('success', 'Je hebt de roulette gewonnen je wint 36x je inzet!');
} else {
// user lost
$dbCon->query('UPDATE users SET cash = (cash - "' . $_POST['gambleMoney'] . '") WHERE id = "' . $userData['id'] . '"');
$dbCon->query('UPDATE users SET cash = (cash - "' . (int) addslashes($_POST['gambleMoney']) . '") WHERE id = "' . $userData['id'] . '"');
$tpl->assign('form_error', 'Helaas je hebt verloren, gelukkig heb je alleen je inzet verloren!');
}
}
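Review bot: `addslashes()` is not what makes these two queries safe; on the new side the only effective guard is the `(int)` cast, and escaping a value before multiplying or casting it adds nothing (the win-branch query was already cast before this commit). The cast also accepts zero and negative numbers, so unless the stake is range-checked above the hunk, which is not visible here, the `cash - ...` update on the loss branch is not guaranteed to reduce the balance. I would validate the stake once before the branch, e.g. `$bet = filter_input(INPUT_POST, 'gambleMoney', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);`, reject the request when the result is `false` or `null`, and use `$bet` in both updates. If `$dbCon` is PDO or mysqli (its class is not shown), both statements should become prepared statements with the stake and `$userData['id']` bound as parameters instead of concatenated into the SQL string. The enclosing block starts before line 80, so an existing check there would change the second point.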
