Fix: Escape chars for name comparsion in sql query (#305)

wopox1337 · web-flow · commit 08cb9426c2cc · 2023-12-05T10:26:54.000+03:00
diff --git a/cstrike/addons/amxmodx/scripting/CA_Storage_GameCMS.sma b/cstrike/addons/amxmodx/scripting/CA_Storage_GameCMS.sma
@@ -514,7 +514,7 @@ GameCMS_GetAdminID(const id) {
   new name_safe[MAX_NAME_LENGTH * 2]
   SQL_QuoteString(Empty_Handle, name_safe, charsmax(name_safe), name)
 
-  formatex(g_query, charsmax(g_query), "SELECT id FROM admins WHERE (name = '%s' or name = '%s') LIMIT 1;",
+  formatex(g_query, charsmax(g_query), "SELECT id FROM admins WHERE (name = '%s' or name = \"%s\") LIMIT 1;",
     authID, name_safe
   )
 

Original file line number	Diff line number	Diff line change
`@@ -514,7 +514,7 @@ GameCMS_GetAdminID(const id) {`
`514`	`514`	`new name_safe[MAX_NAME_LENGTH * 2]`
`515`	`515`	`SQL_QuoteString(Empty_Handle, name_safe, charsmax(name_safe), name)`
`516`	`516`
`517`		`- formatex(g_query, charsmax(g_query), "SELECT id FROM admins WHERE (name = '%s' or name = '%s') LIMIT 1;",`
	`517`	`+ formatex(g_query, charsmax(g_query), "SELECT id FROM admins WHERE (name = '%s' or name = \"%s\") LIMIT 1;",`
`518`	`518`	`authID, name_safe`
`519`	`519`	`)`
`520`	`520`