Skip to content
Permalink
Browse files
Update editPlayer.php
Security Fix
  • Loading branch information
websecnl committed May 22, 2020
1 parent 1ade6fe commit d86ae6af77cc6bd0ff7d41899e3a6d6e5536fee4
Showing 1 changed file with 3 additions and 3 deletions.
@@ -12,12 +12,12 @@
$staffPerms = $_SESSION['perms'];
$user = $_SESSION['user'];

$uidPlayer = mysqli_real_escape_string($_POST['hidden']);
$guidPlayer = htmlspecialchars($_POST['guid']);

include 'verifyPanel.php';
masterconnect();

$guidPlayer = htmlspecialchars($_POST['guid']);
$uidPlayer = mysqli_real_escape_string($dbcon, $_POST['hidden']);

$sql = "SELECT * FROM `players` WHERE uid = '$uidPlayer'";
$result = mysqli_query($dbcon, $sql);
$player = $result->fetch_object();

0 comments on commit d86ae6a

Please sign in to comment.