From d643f3ada6f52cf4d53534f4fd78b60a91466bdd Mon Sep 17 00:00:00 2001
From: mauirixxx
Date: Sun, 21 May 2017 23:34:15 -1000
Subject: [PATCH] yup the sql statement forgot to escape some stuff
---
 gw-insert.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gw-insert.php b/gw-insert.php
index 6664d89..4ff12ac 100644
--- a/gw-insert.php
+++ b/gw-insert.php
@@ -12,7 +12,7 @@ if ($droptype == 1){
 $attrib = mysqli_real_escape_string($con, $_POST['attribute']);
 $weap = mysqli_real_escape_string($con, $_POST['weapon']);
 $itname = mysqli_real_escape_string($con, $_POST['itemname']);
- echo 'SQL code to run: "INSERT INTO `history` (historydate, charnameid, locationid, goldrec, itemreq, itemtype, itemattribute, itemrarity, itemname) VALUES (\'$variable-date-of-treasure\', ' . $toonid . ', ' . $locid . ', ' . $gold . ', ' . $req . ', ' . $weap . ', '$variable-attribute-of-weapon', '$variable-rarity-of-weapon', '$variable-name-of-weapon');"
';
+ echo "SQL code to run: \"INSERT INTO `history` (historydate, charnameid, locationid, goldrec, itemreq, itemtype, itemattribute, itemrarity, itemname) VALUES ('variable-date-of-treasure', $toonid, $locid, $gold, $req, $weap , 'variable-attribute-of-weapon', 'variable-rarity-of-weapon', 'variable-name-of-weapon');\"
";
 //echo '
Well something broke somewhere!
';
 } else if ($droptype == 2){
 echo 'drop was a rare material!
';
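Review bot: The added `echo` writes `$weap`, which the context lines show comes from `$_POST['weapon']`, into the page with only `mysqli_real_escape_string` applied; that function escapes for SQL string literals, not for HTML, so markup submitted in the field is reflected to the browser. Build the statement into a variable first and encode it on output, e.g. `echo 'SQL code to run: ' . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');`. The same string places `$toonid`, `$locid`, `$gold`, `$req` and `$weap` outside quotes, and escaping gives no protection in an unquoted position, so if this text later becomes the real query the values should be bound with `mysqli_prepare` and `mysqli_stmt_bind_param` (or the numeric ones cast with `(int)`). The assignments of `$toonid`, `$locid`, `$gold` and `$req` and the opening of the `if ($droptype == 1)` block lie outside the hunk, so their handling is assumed to match the three escaped fields shown.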