Closed vbrandl closed 7 years ago
We are aware of the improvements of prepared statements and are aware that this code is not very good. We have tried rewriting it all multiple times...
As an update to this, the branch OOP https://github.com/Cyberbyte-Studios/CyberWorks/tree/oop was the start of it...
I saw you are not using prepared statements in CyberWorks. I didn't audit the code and from what I see, you are escaping the user input, but it could be that you forgot it somewhere. Also, prepared statements perform faster than normal SQL queries.
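The risk raised in this issue, shown as an added example that is not part of the thread and is not CyberWorks code: manual escaping protects only the call sites that remember to apply it, while a prepared statement keeps the value out of the SQL text entirely. The `players` table, the function names and the sample input are hypothetical and constructed for the demo, which uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Constructed demo data. Table and column names are hypothetical,
// not taken from the CyberWorks schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO players (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Escaping approach, done correctly: the value is quoted before it is
// concatenated. Every call site has to repeat this step by hand.
function findByNameEscaped(PDO $db, string $name): array
{
    $sql = 'SELECT id, name FROM players WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The call site where escaping was forgotten: the raw value lands in a
// numeric context, so the input becomes part of the query's structure.
function findByIdForgotten(PDO $db, string $id): array
{
    $sql = 'SELECT id, name FROM players WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed up front and the value is
// bound as data, so there is no escaping step that can be forgotten.
function findByIdPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM players WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary value and one that contains SQL syntax.
$samples = ['1', '1 OR 1=1'];

foreach ($samples as $input) {
    printf(
        "input %-10s forgotten-escape rows: %d, prepared rows: %d\n",
        var_export($input, true),
        count(findByIdForgotten($db, $input)),
        count(findByIdPrepared($db, $input))
    );
}

// The correctly escaped lookup treats the quote character as data.
printf("escaped name lookup rows: %d\n", count(findByNameEscaped($db, "bob' OR 'a'='a")));
```

A row count from `findByIdForgotten` that differs from `findByIdPrepared` for the same input marks a query whose structure depends on user data, which is a useful regression check when migrating call sites to prepared statements.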