From 440e837f171fac9dfede12b378acf81e1dc60211 Mon Sep 17 00:00:00 2001
From: Rex LLC <64059802+rexllc@users.noreply.github.com>
Date: Tue, 7 Dec 2021 20:45:59 +0800
Subject: [PATCH] Added real_escape_string

---
 src/admin/function/EditKnowledgebase.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/admin/function/EditKnowledgebase.php b/src/admin/function/EditKnowledgebase.php
index 052d5b4..ef96c5e 100644
--- a/src/admin/function/EditKnowledgebase.php
+++ b/src/admin/function/EditKnowledgebase.php
@@ -5,8 +5,8 @@
 if(isset($_POST['submit'])){
 	$FormData = array(
 		'id' => $_POST['id'],
-		'subject' => $_POST['subject'],
-		'content' => $_POST['editor']
+		'subject' => $connect->real_escape_string($_POST['subject']),
+		'content' => $connect->real_escape_string($_POST['editor'])
 	);
 	$sql = mysqli_query($connect,"UPDATE `hosting_knowledgebase` SET `knowledgebase_subject`='".$FormData['subject']."',`knowledgebase_content`='".$FormData['content']."' WHERE `knowledgebase_id`='".$FormData['id']."'");
 	if($sql){
@@ -31,4 +31,4 @@
 else{
 	header('location: ../');
 }
-?>
\ No newline at end of file
+?>