
Use PDO and prepared statements in api/economy

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 7190b78faf
commit 959dfc8d88
1 changed files with 7 additions and 24 deletions


@ -28,12 +28,6 @@
# updated for Robust installations: BlueWall 2011
# further minor changes by justincc (http://justincc.org)
# Settings
$dbhost = "172.21.0.10";
$dbname = "Robust";
$dbuser = "OpenSim";
$dbpass = "fhsgd63tg27d";
# Tables
$presence = "Presence";
@ -43,30 +37,19 @@
function validate_user($agent_id, $s_session_id)
{
global $dbhost, $dbuser, $dbpass, $dbname;
$stmt = $RUNTIME['PDO']->prepare("SELECT UserID FROM Presence WHERE UserID=? AND SecureSessionID = ?");
$stmt->execute(array($agent_id, $s_session_id));
$agentid = mysql_escape_string($agent_id);
$sessionid = mysql_escape_string($s_session_id);
if($stmt->rowCount() == 0) {
return false;
}
$link = mysql_connect($dbhost, $dbuser, $dbpass)
or die('ERROR: '.mysql_error());
mysql_select_db($dbname);
$query = "select UserID from Presence where UserID='".$agentid."' and SecureSessionID = '".$sessionid."'";
$result = mysql_query($query)
or die('ERROR: '.mysql_error());
$row = mysql_fetch_assoc($result);
return $row['UserID'];
$res = $stmt->fetch();
return $res['UserID'];
}
function buy_land_prep($method_name, $params, $app_data)
{
global $dbhost, $dbuser, $dbpass, $dbname;
$confirmvalue = "";
$req = $params[0];
$agentid = $req['agentId'];
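Review bot: `$RUNTIME` is not in scope inside validate_user(): the new `$RUNTIME['PDO']->prepare(...)` line reads a function-local variable and none of the lines visible in this section imports it, so the call would fail on null unless `$RUNTIME` is made available some other way. Adding `global $RUNTIME;` as the first statement (or passing the PDO handle in as an argument) would fix that; the `global $dbhost, $dbuser, $dbpass, $dbname;` lines shown in validate_user() and buy_land_prep() name variables whose definitions this commit deletes from the Settings block, so any that survive on the new side are dead and can be dropped (the page has lost its +/- markers, so which ones survive is not certain). `rowCount()` on a SELECT is not guaranteed by PDO across drivers; `$res = $stmt->fetch();` followed by `if ($res === false) { return false; }` gives the same result portably. The database password deleted from the Settings block remains readable in the repository history, so it should be rotated rather than treated as removed. buy_land_prep()'s body continues outside the hunk.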