foin137 / werwolfonline.eu

www.werwolfonline.eu
http://www.werwolfonline.eu/info
GNU General Public License v3.0

Prepare statements for SQL queries, use (int) to avoid non-int inputs #5

Closed foin137 closed 4 years ago

foin137 commented 4 years ago

The goal of this edit is to prevent SQL injection. For string inputs like player name -> prepare SQL statements. For other inputs that are integers -> cast to int via (int).
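An illustration of the two approaches named in the comment above, added here and not taken from the werwolfonline.eu code base. It assumes PDO with an in-memory SQLite database (the `pdo_sqlite` extension); the `players` table, its columns and all function names are hypothetical, and the inputs are constructed.

```php
<?php
// Added example: hypothetical schema and function names, constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, game_id INTEGER, name TEXT)');
$db->exec("INSERT INTO players (game_id, name)
           VALUES (12345, 'Alice'), (12345, 'Bob'), (99999, 'Carol')");

// String input: bound as a parameter, so quotes in the name stay data
// and never become part of the SQL text.
function findPlayerByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM players WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Integer input: (int) makes the value safe to interpolate, but it coerces
// instead of rejecting. A string with a numeric prefix keeps the prefix,
// and a non-numeric string becomes 0, so bad input still runs a query.
function playersInGameCast(PDO $db, $gameId): array
{
    $gameId = (int) $gameId;
    return $db->query("SELECT name FROM players WHERE game_id = $gameId")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant: reject anything that is not a whole number, then bind it.
function playersInGameStrict(PDO $db, $gameId): array
{
    $id = filter_var($gameId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('game id must be an integer');
    }
    $stmt = $db->prepare('SELECT name FROM players WHERE game_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs carrying SQL syntax in both parameter types.
var_dump(findPlayerByName($db, "Alice' OR '1'='1"));
var_dump(playersInGameCast($db, '12345 OR 1=1'));
try {
    playersInGameStrict($db, '12345 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The cast closes the injection path, but only the validating variant tells the caller that the input was malformed, which is also the point at which the attempt can be logged.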