Title: [Plugin: ProPlayer] SQL injection
Last modified: August 19, 2016

---

# [Plugin: ProPlayer] SQL injection

 *  [Covi](https://wordpress.org/support/users/covi/)
 * (@covi)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-proplayer-sql-inyection/)
 * I’m looking to include a token (nonce) in this file to prevent SQL injection; does anyone know how to do this?
 * [http://st4ck-3rr0r.blogspot.com/2010/12/wp-proplayer-plugin-blind-sql-inyection.html](http://st4ck-3rr0r.blogspot.com/2010/12/wp-proplayer-plugin-blind-sql-inyection.html)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [ca0s](https://wordpress.org/support/users/ca0s/)
 * (@ca0s)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-proplayer-sql-inyection/#post-1991046)
 * I reported it to its author but no response was received. You can fix it by editing playlist-controller.php at line 164, replacing:
 * `$xml = $playlistController->getPlaylist($_GET["pp_playlist_id"]);`
 * with
 * `$xml = $playlistController->getPlaylist(mysql_real_escape_string($_GET["pp_playlist_id"]));`
 * Hope it helps you.
 *  Thread Starter [Covi](https://wordpress.org/support/users/covi/)
 * (@covi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/plugin-proplayer-sql-inyection/#post-1991140)
 * If what you get is a number, isn’t this better?:
   `$xml = $playlistController->getPlaylist(abs((int) $_GET["pp_playlist_id"]));`
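The difference between the two replies above (escaping the value versus casting it to an integer) comes down to where the value lands in the query: a playlist id is compared unquoted, so quote-escaping has nothing to act on. The following is an added illustration, not code from the ProPlayer plugin or from either poster; it uses an in-memory SQLite table with a constructed schema, a stand-in for `mysql_real_escape_string`, and a helper that mimics PHP's `(int)` cast on a string.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in for the plugin's playlist table (hypothetical schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE playlists (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    con.executemany("INSERT INTO playlists VALUES (?, ?, ?)",
                    [(1, "public demo", "alice"), (2, "private set", "bob")])
    return con

def escape_quotes(value):
    """Stand-in for mysql_real_escape_string: only backslashes and quotes are escaped."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def php_int_cast(value):
    """Mimic PHP's (int) on a string: leading optional sign and digits, otherwise 0 (assumption)."""
    m = re.match(r"\s*([+-]?\d+)", str(value))
    return int(m.group(1)) if m else 0

def get_playlist_escaped(con, raw_id):
    """The first suggested fix: escaped, but still interpolated unquoted into a numeric comparison."""
    sql = "SELECT id FROM playlists WHERE id = " + escape_quotes(raw_id)
    return [row[0] for row in con.execute(sql)]

def get_playlist_cast(con, raw_id):
    """The second suggested fix: abs((int) $_GET[...]) leaves only a non-negative integer."""
    pid = abs(php_int_cast(raw_id))
    return [row[0] for row in con.execute("SELECT id FROM playlists WHERE id = ?", (pid,))]

def get_playlist_prepared(con, raw_id):
    """General form: a parameterised query (what $wpdb->prepare with %d gives you in WordPress)."""
    return [row[0] for row in con.execute("SELECT id FROM playlists WHERE id = ?",
                                          (php_int_cast(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    for raw in ("2", "1 OR 1=1", "abc"):
        print(repr(raw), get_playlist_escaped(db, raw), get_playlist_cast(db, raw),
              get_playlist_prepared(db, raw))
```

With a constructed input such as `1 OR 1=1`, the escaped variant still returns every row because there is no quote for the escaper to neutralise, while the cast and prepared variants return only playlist 1.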

The topic ‘[Plugin: ProPlayer] SQL injection’ is closed to new replies.

 * 2 replies
 * 2 participants
 * Last reply from: [Covi](https://wordpress.org/support/users/covi/)
 * Last activity: [14 years, 3 months ago](https://wordpress.org/support/topic/plugin-proplayer-sql-inyection/#post-1991140)
 * Status: not resolved