aboutsummaryrefslogtreecommitdiff
path: root/src/game/GMTicketMgr.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/game/GMTicketMgr.h')
-rw-r--r--src/game/GMTicketMgr.h13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/game/GMTicketMgr.h b/src/game/GMTicketMgr.h
index a7b7a02ea17..1fd4e4c3a8f 100644
--- a/src/game/GMTicketMgr.h
+++ b/src/game/GMTicketMgr.h
@@ -50,7 +50,10 @@ class GMTicket
{
m_text = text ? text : "";
m_lastUpdate = time(NULL);
- CharacterDatabase.PExecute("UPDATE character_ticket SET ticket_text = '%s' WHERE guid = '%u'", m_text.c_str(), m_guid);
+
+ std::string escapedString = m_text;
+ CharacterDatabase.escape_string(escapedString);
+ CharacterDatabase.PExecute("UPDATE character_ticket SET ticket_text = '%s' WHERE guid = '%u'", escapedString.c_str(), m_guid);
}
void DeleteFromDB() const
@@ -62,7 +65,11 @@ class GMTicket
{
CharacterDatabase.BeginTransaction();
DeleteFromDB();
- CharacterDatabase.PExecute("INSERT INTO character_ticket (guid, ticket_text) VALUES ('%u', '%s')", m_guid, GetText());
+
+ std::string escapedString = m_text;
+ CharacterDatabase.escape_string(escapedString);
+
+ CharacterDatabase.PExecute("INSERT INTO character_ticket (guid, ticket_text) VALUES ('%u', '%s')", m_guid, escapedString.c_str());
CharacterDatabase.CommitTransaction();
}
private:
@@ -115,4 +122,4 @@ class GMTicketMgr
};
#define ticketmgr Trinity::Singleton<GMTicketMgr>::Instance()
-#endif \ No newline at end of file
+#endif