2021-06-30, 01:30 PM
It is possible for someone to register a username containing a literal, as in user'96. In at least one instance a plugin query results in an error when an apostrophe appears in the username.
Is there a MyBB function which sanitizes usernames for queries, or is use of a literal not a good idea but not currently filtered out during registration?
SELECT uid, username FROM mybb_users WHERE username LIKE 'bi%' AND username NOT IN ('user'96')
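An added example, not part of the original post and not MyBB core code: one way to build the query above so that an apostrophe in a username cannot break out of the string literal, using MyBB's database methods `escape_string()`, `escape_string_like()`, `simple_select()` and `fetch_array()`. It assumes a MyBB 1.8 plugin context where the global `$db` object exists; the helper name `example_find_users` is hypothetical.

```php
<?php
// Added example. Assumes it runs inside a MyBB 1.8 plugin, where the
// global $db object (the active database driver) is available.

/**
 * Hypothetical helper: return users whose name starts with $prefix,
 * leaving out every name listed in $excluded.
 */
function example_find_users(string $prefix, array $excluded): array
{
    global $db;

    // escape_string_like() escapes quotes and also the LIKE wildcards
    // % and _, so a prefix typed by a user matches literally.
    $where = "username LIKE '" . $db->escape_string_like($prefix) . "%'";

    if (!empty($excluded)) {
        $quoted = array();
        foreach ($excluded as $name) {
            // Each value is escaped for the active driver before it is
            // placed between quotes, so user'96 stays a single literal.
            $quoted[] = "'" . $db->escape_string($name) . "'";
        }
        $where .= " AND username NOT IN (" . implode(',', $quoted) . ")";
    }

    // simple_select() prepends the table prefix (mybb_ in the post).
    $query = $db->simple_select('users', 'uid, username', $where);

    $users = array();
    while ($row = $db->fetch_array($query)) {
        $users[(int)$row['uid']] = $row['username'];
    }
    return $users;
}

// Usage with the values from the post:
// $users = example_find_users('bi', array("user'96"));
```

The same escaping applies to any value that reaches a query string, not only usernames, since an unescaped quote is also the entry point for SQL injection.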