is it possible for this part of this script to get an SQL injection?
input @upper_hg$;
if(query_sql("SELECT `view` from `item_db` where `equip_locations` = 256 and `id` ='"+@upper_hg$+"'") == 0)
{ mes "No headgear was found";
close; }
else {
query_sql "SELECT `view` from `item_db` where `equip_locations` = 256 and `id` ='"+@upper_hg$+"'", ouchoice;
query_sql "SELECT `name_japanese` from `item_db` where `equip_locations` = 256 and `view` ='"+ouchoice+"'", UFS$;
Question
ays297
is it possible for this part of this script to get an SQL injection?
Link to comment
Share on other sites
5 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.