R3944Realms/PlayerSync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security vulnerability fix

Browse Source
This commit is contained in:
mlus 2024-05-19 12:39:11 +08:00
parent 37218c4c58
commit 201bf95ff5
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/java/vip/fubuki/playersync/sync/ChatSync.java
View File

@ -6,6 +6,8 @@ import net.minecraftforge.eventbus.api.SubscribeEvent;
import net.minecraftforge.fml.common.Mod;
import vip.fubuki.playersync.util.JDBCsetUp;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
@ -18,7 +20,14 @@ public class ChatSync {
@SubscribeEvent
public static void onPlayerChat(net.minecraftforge.event.ServerChatEvent event) throws SQLException {
JDBCsetUp.executeUpdate("INSERT INTO chat (player, message, timestamp) VALUES ('" + event.getUsername() + "', '" + event.getRawText() + "', '" + current + "')");
String sql = "INSERT INTO chat (player, message, timestamp) VALUES (?, ?, ?)";
try (Connection connection = JDBCsetUp.getConnection();
PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
preparedStatement.setString(1, event.getUsername());
preparedStatement.setString(2, event.getRawText());
preparedStatement.setLong(3, current);
preparedStatement.executeUpdate();
}
}
@SubscribeEvent