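-- Handler that receives a player plus the username and password they submitted.
-- Visible part: looks the pair up with getAccount, SQL-escapes both values and
-- runs a SELECT against the `accounts` table. The rest of the body is elided.
--
-- thePlayer: supplied by the caller; not used in the visible part.
-- username, password: caller-supplied strings, treated as untrusted input.
-- Uses the global `handler` as the connection for the mysql_* calls.
function registerHandler(thePlayer, username, password)
    -- Called with the raw values, before they are SQL-escaped.
    local account = getAccount(username, password)

    -- Both values are spliced into a quoted SQL literal below. Without escaping,
    -- a quote character in either one ends the literal and the remainder is
    -- parsed as SQL. Each value must be escaped from its own variable, so the
    -- password clause compares the password and not the username.
    username = mysql_escape_string(handler, username)
    password = mysql_escape_string(handler, password)

    -- Fail closed if escaping did not yield a string.
    -- NOTE(review): presumably nil/false on a broken connection; confirm against the mysql module.
    if type(username) ~= "string" or type(password) ~= "string" then
        return false
    end

    -- NOTE(review): parameter binding (e.g. MTA's dbQuery with `?` placeholders)
    -- is more robust than manual escaping where the project can use it.
    -- NOTE(review): the password column is compared directly with the submitted
    -- value. If it holds plaintext, store a salted hash instead; check the schema.
    local query = string.format(
        "SELECT * FROM accounts WHERE username='%s' and password='%s';",
        username,
        password
    )
    local result = mysql_query(handler, query)
    -- ...
end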
On line 65 you have:
"INSERT INTO accounts (username, password, ip, srial, registerDate) ..."
"srial"? That should probably be "serial".