Update editPlayer.php

Security Fix
websecnl · May 22, 2020 · d86ae6a · d86ae6a
1 parent 1ade6fe
commit d86ae6a
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/editPlayer.php b/editPlayer.php
@@ -12,12 +12,12 @@
 $staffPerms = $_SESSION['perms'];
 $user = $_SESSION['user'];
 
-$uidPlayer = mysqli_real_escape_string($_POST['hidden']);
-$guidPlayer = htmlspecialchars($_POST['guid']);
-
 include 'verifyPanel.php';
 masterconnect();
 
+$guidPlayer = htmlspecialchars($_POST['guid']);
+$uidPlayer = mysqli_real_escape_string($dbcon, $_POST['hidden']);
+
 $sql = "SELECT * FROM `players` WHERE uid = '$uidPlayer'";
 $result = mysqli_query($dbcon, $sql);
 $player = $result->fetch_object();