
Use PDO and prepared statements in api/economy

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 7190b78faf
commit 959dfc8d88
1 changed files with 7 additions and 24 deletions


@ -28,12 +28,6 @@
# updated for Robust installations: BlueWall 2011 # updated for Robust installations: BlueWall 2011
# further minor changes by justincc (http://justincc.org) # further minor changes by justincc (http://justincc.org)
# Settings
$dbhost = "172.21.0.10";
$dbname = "Robust";
$dbuser = "OpenSim";
$dbpass = "fhsgd63tg27d";
# Tables # Tables
$presence = "Presence"; $presence = "Presence";
@ -43,30 +37,19 @@
function validate_user($agent_id, $s_session_id) function validate_user($agent_id, $s_session_id)
{ {
global $dbhost, $dbuser, $dbpass, $dbname; $stmt = $RUNTIME['PDO']->prepare("SELECT UserID FROM Presence WHERE UserID=? AND SecureSessionID = ?");
$stmt->execute(array($agent_id, $s_session_id));
$agentid = mysql_escape_string($agent_id); if($stmt->rowCount() == 0) {
$sessionid = mysql_escape_string($s_session_id); return false;
}
$link = mysql_connect($dbhost, $dbuser, $dbpass) $res = $stmt->fetch();
or die('ERROR: '.mysql_error()); return $res['UserID'];
mysql_select_db($dbname);
$query = "select UserID from Presence where UserID='".$agentid."' and SecureSessionID = '".$sessionid."'";
$result = mysql_query($query)
or die('ERROR: '.mysql_error());
$row = mysql_fetch_assoc($result);
return $row['UserID'];
} }
function buy_land_prep($method_name, $params, $app_data) function buy_land_prep($method_name, $params, $app_data)
{ {
global $dbhost, $dbuser, $dbpass, $dbname;
$confirmvalue = ""; $confirmvalue = "";
$req = $params[0]; $req = $params[0];
$agentid = $req['agentId']; $agentid = $req['agentId'];
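Review bot: The new body of `validate_user` reads `$RUNTIME['PDO']` without bringing `$RUNTIME` into function scope; the old `global $dbhost, ...` line was removed and nothing replaces it, so as shown `$RUNTIME` is undefined inside the function and `->prepare()` is called on null, which makes every session check end in a fatal error. Add `global $RUNTIME;` as the first statement of the function (or hand the PDO object in from the caller). `rowCount()` on a SELECT is not guaranteed by PDO across drivers, so test the fetch result instead: `$res = $stmt->fetch(); if ($res === false) { return false; }`. The database password deleted in the first hunk stays readable in the repository history, so it should be rotated rather than only removed from the file. `buy_land_prep` also loses its `global` line and its body continues past the hunk, so the same scope check applies there if it uses `$RUNTIME`.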