From 9b61f809fddd97f8484e0caf994207a55e5a5bd3 Mon Sep 17 00:00:00 2001
From: Josh <paintballrefjosh@gmail.com>
Date: Wed, 13 Dec 2017 11:01:37 -0600
Subject: [PATCH] Update account.register.php

Another good catch.  I made the same change here to use MySQLi real escape string instead.
---
 inc/account/account.register.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/account/account.register.php b/inc/account/account.register.php
index 07b2956..b8df32b 100644
--- a/inc/account/account.register.php
+++ b/inc/account/account.register.php
@@ -129,7 +129,7 @@ function Register()
 	}
 	
 	// Ext 3 - make sure the username isnt already in use
-	$zrlogin  = str_replace("'", "", $_POST['r_login']);
+	$zrlogin  = $DB->real_escape_string($_POST['r_login']);
 	if($Account->isAvailableUsername($zrlogin) == FALSE)
 	{
 		$notreturn = TRUE;