Status: Closed (ta2edchimp closed 9 years ago)
in classes/Battle.php, line 607
If provided by the user, the value of intval($options['count']) may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.
intval($options['count'])
$limit = isset($options["count"]) && is_int($options["count"]) ? (" limit " . intval($options["count"])) : "";
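An added example, not code from this repository, of the parameter binding the finding recommends for the `limit` clause. It assumes a PDO connection; the `fetchBattles` helper, the `battles` table and the 1 to 100 range are hypothetical, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from classes/Battle.php): validate the count, then bind it.
function fetchBattles(PDO $pdo, array $options): array
{
    $sql = 'SELECT id, name FROM battles ORDER BY id';
    $limit = null;

    if (isset($options['count'])) {
        // Request parameters arrive as strings, so is_int() would reject "5".
        // FILTER_VALIDATE_INT accepts ints and integer strings, nothing else.
        $limit = filter_var(
            $options['count'],
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]] // assumed bounds
        );
        if ($limit === false) {
            throw new InvalidArgumentException('count must be an integer between 1 and 100');
        }
        $sql .= ' LIMIT :count';
    }

    $stmt = $pdo->prepare($sql);
    if ($limit !== null) {
        // PARAM_INT keeps the value numeric; a string-bound LIMIT is quoted by
        // emulated prepares and rejected by MySQL.
        $stmt->bindValue(':count', $limit, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE battles (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO battles (name) VALUES ('alpha'), ('beta'), ('gamma')");

var_dump(count(fetchBattles($pdo, ['count' => '2']))); // integer string is accepted
var_dump(count(fetchBattles($pdo, [])));               // no count: no LIMIT clause
try {
    fetchBattles($pdo, ['count' => '2 OR 1=1']);       // non-integer input is rejected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```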