From c2e0dd657c79148d421f507d75b5f2134e293495 Mon Sep 17 00:00:00 2001
From: Matthijs
Date: Mon, 12 Jan 2015 17:26:15 +0100
Subject: [PATCH] Update api.php

I'd do it like so. To prevent SQL injections. You never know when someone has a bad day ;)
---
 api/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/api.php b/api/api.php
index 0043df3..ef7bc6a 100644
--- a/api/api.php
+++ b/api/api.php
@@ -12,7 +12,7 @@ function get_mysql() {
 }
 
 function add($uuid, $reason) {
- get_mysql()->query("insert into bans (uuid, date, reason) values ('$uuid', '" . date("Y-m-d H:i:s") . "', '$reason')");
+ get_mysql()->query("insert into bans (uuid, date, reason) values ('$uuid', '" . date("Y-m-d H:i:s") . "', '".get_mysql()->real_escape_string($reason)."')");
 }
 
 function remove($uuid) {
@@ -22,4 +22,4 @@ function remove($uuid) {
 function get($uuid) {
 return get_mysql()->query("select * from bans where uuid = '$uuid'")->fetch_assoc();
 }
-?>
\ No newline at end of file
+?>
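Review bot: `$uuid` is still interpolated unescaped into the INSERT in `add()`, so the statement stays injectable through its first argument whenever that value is not fully trusted; this change escapes only `$reason`. The same pattern is visible in `get()` in the second hunk's context (`where uuid = '$uuid'`), and `remove()`, whose body lies outside both hunks, should be checked too. Since `get_mysql()` appears to return a mysqli handle (it exposes `real_escape_string`), a prepared statement with bound parameters would cover every value at once and would not depend on the connection character set the way escaping does. It would also avoid calling `get_mysql()` twice within one statement, which matters if that helper opens a new connection per call (its body is not shown here).

```php
function add($uuid, $reason) {
    // Bind every value; nothing caller-supplied is concatenated into the SQL text.
    $stmt = get_mysql()->prepare("insert into bans (uuid, date, reason) values (?, ?, ?)");
    $date = date("Y-m-d H:i:s");
    $stmt->bind_param("sss", $uuid, $date, $reason);
    $stmt->execute();
}
```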