From 0e6a5e4efb4fbe6215034f9e65e6cf3bf78ffb56 Mon Sep 17 00:00:00 2001 From: Alwin Arrasyid Date: Wed, 1 Oct 2025 09:50:34 +0700 Subject: [PATCH] fix(Scripts/Commands): escape string before query on go creature command (#23036) --- src/server/scripts/Commands/cs_go.cpp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/server/scripts/Commands/cs_go.cpp b/src/server/scripts/Commands/cs_go.cpp index 0e6bca422..5f2e5a51d 100644 --- a/src/server/scripts/Commands/cs_go.cpp +++ b/src/server/scripts/Commands/cs_go.cpp @@ -137,10 +137,7 @@ public: // Make sure we don't pass double quotes into the SQL query. Otherwise it causes a MySQL error std::string str = name.data(); // Making subtractions to the last character does not with in string_view - if (str.front() == '"') - str = str.substr(1); - if (str.back() == '"') - str = str.substr(0, str.size() - 1); + WorldDatabase.EscapeString(str); QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1", str); if (!result)