db: escape async string query inputs

This commit is contained in:
server
2026-04-13 23:00:45 +02:00
parent fce6268129
commit 63dac27b47
5 changed files with 42 additions and 10 deletions


@@ -1404,12 +1404,13 @@ bool CGuildManager::Bet(DWORD dwID, const char * c_pszLogin, DWORD dwGold, DWORD
itertype(m_map_kWarReserve) it = m_map_kWarReserve.find(dwID);
char szQuery[1024];
const std::string escapedLogin = CDBManager::instance().EscapeStringCopy(c_pszLogin, c_pszLogin ? strlen(c_pszLogin) : 0);
if (it == m_map_kWarReserve.end())
{
sys_log(0, "WAR_RESERVE: Bet: cannot find reserve war by id %u", dwID);
snprintf(szQuery, sizeof(szQuery), "INSERT INTO item_award (login, vnum, socket0, given_time) VALUES('%s', %d, %u, NOW())",
c_pszLogin, ITEM_ELK_VNUM, dwGold);
escapedLogin.c_str(), ITEM_ELK_VNUM, dwGold);
CDBManager::instance().AsyncQuery(szQuery);
return false;
}
@@ -1418,7 +1419,7 @@ bool CGuildManager::Bet(DWORD dwID, const char * c_pszLogin, DWORD dwGold, DWORD
{
sys_log(0, "WAR_RESERVE: Bet: cannot bet id %u, login %s, gold %u, guild %u", dwID, c_pszLogin, dwGold, dwGuild);
snprintf(szQuery, sizeof(szQuery), "INSERT INTO item_award (login, vnum, socket0, given_time) VALUES('%s', %d, %u, NOW())",
c_pszLogin, ITEM_ELK_VNUM, dwGold);
escapedLogin.c_str(), ITEM_ELK_VNUM, dwGold);
CDBManager::instance().AsyncQuery(szQuery);
return false;
}
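Review bot: The snprintf calls into the fixed `szQuery[1024]` buffer (second hunk, and the same call in the first hunk) still ignore the return value, and after escaping the login can be noticeably longer than the raw input, so an over-long login now silently truncates the INSERT instead of overflowing it; a truncated statement loses its closing quote and the trailing columns, and AsyncQuery receives it anyway. I would check the length before queueing, e.g. `const int len = snprintf(szQuery, sizeof(szQuery), ...);` followed by `if (len < 0 || len >= (int)sizeof(szQuery)) { sys_log(0, "WAR_RESERVE: Bet: query truncated for login %s", c_pszLogin); return false; }`. The null guard on the EscapeStringCopy argument suggests c_pszLogin may be null, yet the sys_log on the line above the second snprintf still passes it straight to `%s`, which is undefined for a null pointer; if null is a reachable input, the log should print a placeholder instead. The whole of CGuildManager::Bet starts before the first hunk and continues past the second, so the success path is not visible here.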