ok, I wish there would be a framework that wouldn't need a database.
I can't believe you have done me like this @BM-CUSTOMS
since it's just you and your friends, have you thought about just using vmenu?
very good stuff, but I suggest you change the way your scripts do their database executions.
The way you do it (I'll put an example below) is exploitable ... (I won't answer any DM asking how to exploit ... only to the author and how to solve it).
QBCore.Functions.ExecuteSql(true, "SELECT * FROM `stashitems` WHERE `stash` = '"..stashId.."'",
that way is exploitable.
`stash` = '"..stashId.."'"
All queries will be prepared in an update coming very soon
While this specific query is not that bad, since stashID is most likely not something a user can type, it's still a textbook SQL injection example.
@Kakarot
you should change all of them, you know I'll help with PRs
@CritteR
I'm not talking EXACTLY about the one with the stashid... it was the first one on my screen to show what I mean.
ghmattimysql handles it already; here's an example:
Quite sure you can just port this over easily to the QBCore function, what's the difference anyway?
exports['ghmattimysql']:execute("SELECT * FROM `table` WHERE `key` = @value", {
    ["@value"] = 'a value'
}, function(result)
    -- ...
end)
the qbcore function is just a sync wrapper that kash wrote; same as what's in kashacters. I've already spoken to him about the queries and some other exploits but there's a lot to go through
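An audit helper for the clean-up discussed in this thread, added here as an example (not code from QBCore, ghmattimysql or any poster): it flags ExecuteSql and ghmattimysql execute calls whose query text is built with Lua `..` concatenation instead of `@` parameters. The function names and the sample Lua, including its UPDATE query, are constructed assumptions.

```python
import re

# Constructed sample input in the style quoted in this thread; the UPDATE query is made up.
SAMPLE_LUA = r'''QBCore.Functions.ExecuteSql(true, "SELECT * FROM `stashitems` WHERE `stash` = '"..stashId.."'", function(result)
end)
exports['ghmattimysql']:execute("SELECT * FROM `stashitems` WHERE `stash` = @stash", {
    ["@stash"] = stashId
}, function(result)
end)
QBCore.Functions.ExecuteSql(false, "UPDATE `players` SET `money` = '" .. amount ..
    "' WHERE `citizenid` = '" .. cid .. "'")
'''

CALL = re.compile(r"ExecuteSql\s*\(|\]\s*:\s*execute\s*\(")
CONCAT = re.compile(r"\.\.\s*([A-Za-z_]\w*(?:\.\w+)*)")

def top_level_args(src, start):
    """Text of the call's own arguments: string literals become '$', nested
    (...) and {...} are dropped. Assumes no [[long strings]] or comments."""
    out, depth, quote, i = [], 1, None, start
    while i < len(src) and depth > 0:
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            if depth == 1:
                out.append("$")
        elif ch in "({":
            depth += 1
        elif ch in ")}":
            depth -= 1
        elif depth == 1:
            out.append(ch)
        i += 1
    return "".join(out)

def find_concatenated_sql(src):
    """Return [(line, [variables spliced into the SQL text]), ...]."""
    findings = []
    for m in CALL.finditer(src):
        args = top_level_args(src, m.end()).split("function")[0]  # ignore callback body
        names = CONCAT.findall(args)
        if names:
            findings.append((src.count("\n", 0, m.start()) + 1, names))
    return findings
```

On the sample, the two concatenated ExecuteSql calls are reported with the variables they splice in, and the `@stash` call passes.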
we would still be using lambda and a few other menus from the client side, but a basic money script where you could transfer money between players and would have a daily income would make the server much nicer.
gotcha, I totally understand. I hope you find something to match your needs. From my experience it's easy to identify what kind of server you want to create, and really really hard to keep the vision. Racing servers slowly evolve into RP servers, for example.
Thanks for the offer but I've already got the changes on my personal files so I'll be pushing them soon
afaik ghmattimysql already has such a wrapper?
Ye there is a lot of them, there is a spreadsheet somewhere, I don't have it anymore, but I guess you can easily google it, or maybe even look around on the forums, iirc it was made by someone called "NickChillClub".
It has a lot of exploitable NUI-callbacks and events.
I think I've fixed most of them in my version of QBCore (which I'm not going to PR, since I really opinionated and customized it), but I wouldn't be surprised if there's more xD
What's involved in being officially recognised?
Yeah I'm aware, just saying what the function is. To be fair the code might outdate the sync wrapper (not sure when that was added) but there's really no excuse for the unprepared sql statements and other exploits.
In this case it was a matter of the source code being leaked and sold in various places before getting released by one of its creators, and some license issues needing to be dealt with. Doesn't really apply in any other cases.
anyone know where to find the seeds for the weed strains?
Use the Dealers :P
alrighty so the dealers give seeds as rewards and stuff, gotcha, what resource controls that?
qb-drugs creates the drug delivering thingy