Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Limit title length

spaghetti 7 years ago
parent
853ceb48b2
commit
a8ff5bf577
1 changed files with 7 additions and 5 deletions
Split View Show Diff Stats
  1. 7
    5
      sections/store/title.php

+ 7
- 5
sections/store/title.php View File 

@@ -1,6 +1,8 @@
1 1 
 <?
2 2 
 if (isset($_POST['title'])) {
3 3
4 
+  if (strlen($_POST['title']) > 30) error("Title too long");
5 
+
4 6 
   $Title = htmlspecialchars($_POST['title'], ENT_QUOTES);
5 7
6 8 
   $UserID = $LoggedUser['ID'];
 
@@ -17,12 +19,12 @@ if (isset($_POST['title'])) {
17 19 
       $DB->query("
18 20 
         UPDATE users_main
19 21 
         SET BonusPoints = BonusPoints - 50000,
20 
-            Title       = '$Title'
21 
-        WHERE ID = $UserID");
22 
+            Title = ?
23 
+        WHERE ID = ?", $Title, $UserID);
22 24 
       $DB->query("
23 25 
         UPDATE users_info
24 
-        SET AdminComment = CONCAT('".sqltime()." - Changed title to $Title via the store\n\n', AdminComment)
25 
-        WHERE UserID = $UserID");
26 
+        SET AdminComment = CONCAT(NOW(), ' - Changed title to ', ?, ' via the store\n\n', AdminComment)
27 
+        WHERE UserID = ?", $Title, $UserID);
26 28 
       $Cache->delete_value('user_info_'.$UserID);
27 29 
       $Cache->delete_value('user_info_heavy_'.$UserID);
28 30 
 
@@ -52,7 +54,7 @@ if (isset($_POST['title'])) {
52 54 
           Enter the title you want
53 55 
         </strong>
54 56 
         <br>
55 
-        <input type="text" name="title" value="">
57 
+        <input type="text" name="title" maxlength="30" value="">
56 58 
         <input type="submit">
57 59 
       </form>
58 60 
       <p><a href="/store.php">Back to Store</a></p>

Write Preview
Loading…
Cancel
Save