From 72fd102e57a1c9478ee43d650d417fc4f4c4f087 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 2 Jan 2023 14:54:49 +0000
Subject: [PATCH] SQL Escape tech username. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user
---
 check_login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/check_login.php b/check_login.php
index 1597527b..e24efb6a 100644
--- a/check_login.php
+++ b/check_login.php
@@ -32,7 +32,7 @@ $session_user_id = $_SESSION['user_id'];
 $sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
 $row = mysqli_fetch_array($sql);
-$session_name = $row['user_name'];
+$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
 $session_token = $row['user_token'];
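Review bot: Escaping `$row['user_name']` at the assignment to `$session_name` covers one field only: `$session_email`, `$session_avatar` and `$session_token` on the following lines are still raw database values, and if any of them is interpolated into a query elsewhere the same second-order injection applies. It also makes `$session_name` a SQL-context value for every consumer, so any page that prints it (not visible in this hunk) would presumably show a name such as `O\'Brien` with the backslash, and would still need `htmlspecialchars()` for HTML. I would keep the raw value here and bind it at the log-writing queries with `mysqli_prepare()` and `bind_param()`, or at minimum add `// SQL-escaped for interpolation into queries only; not HTML-safe` above the changed line. The SELECT shown as context also interpolates `$session_user_id` straight from `$_SESSION`; `$session_user_id = intval($_SESSION['user_id']);` would pin it to an integer. The script continues outside the hunk.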