Subj : Quick reminder..
To : Spectre
From : Tracker1
Date : Sun Oct 01 2023 17:52:58

 Vo>> ----cut me here---- You have an error in your SQL syntax; check the
 Vo>> manual that corresponds to your MySQL server version for the right
 Vo>> syntax to use near 's Lair'' at line 2 ----cut me here----

 Sp> Uh? No comprende... my sql is pretty rudimentary at best.. you'll have to
 Sp> fill me in on what you were using to get the error.

You aren't sanitizing input via escapes or parameterized queries... so, someone
inputting something like: "Spectre's Lair" for a BBS name will escape in your
SQL...

This means, I could enter something like "'; delete * from Users; --" and
maliciously attack your mysql server.

Whatever language you are using for your server-side code, do a search for
parameterized queries and sanitizing database input. Also read up on SQL
Injection Attack.

--
Michael J. Ryan
+o roughneckbbs.com
tracker1@roughneckbbs.com
--- SBBSecho 3.15-Linux
 * Origin: Roughneck BBS - roughneckbbs.com (21:3/149)
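
Added example, not part of Tracker1's message or of the site's code: the quoted syntax error reproduced with the same BBS name, next to the parameterized form that stores it safely. It assumes Python with an in-memory SQLite database standing in for the MySQL server; the table `bbs_list` and all function names are hypothetical.

```python
import sqlite3

# Constructed sample inputs: the BBS name and the hostile string quoted in the post.
BBS_NAME = "Spectre's Lair"
HOSTILE = "'; delete * from Users; --"


def open_db():
    # In-memory SQLite stands in for the MySQL server (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bbs_list (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return db


def add_bbs_concatenated(db, name):
    # Pattern the post warns about: the value is spliced into the SQL text,
    # so an apostrophe in the name ends the string literal early.
    sql = "INSERT INTO bbs_list (name) VALUES ('" + name + "')"
    try:
        db.execute(sql)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)  # the parser's complaint, as in the quoted error


def add_bbs_parameterized(db, name):
    # The SQL text is constant; the driver passes the value separately,
    # so it can never be parsed as SQL. MySQL drivers for Python use %s
    # as the placeholder instead of ?.
    db.execute("INSERT INTO bbs_list (name) VALUES (?)", (name,))


def stored_names(db):
    return [row[0] for row in db.execute("SELECT name FROM bbs_list ORDER BY id")]


def run_demo():
    db = open_db()
    error = add_bbs_concatenated(db, BBS_NAME)   # fails on the apostrophe
    add_bbs_parameterized(db, BBS_NAME)          # stored verbatim
    add_bbs_parameterized(db, HOSTILE)           # stored as inert text
    return error, stored_names(db)


if __name__ == "__main__":
    err, names = run_demo()
    print("concatenated insert failed:", err)
    print("parameterized rows:", names)
```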