--- fenglin/bbs/article_service_post.php 2025/04/23 05:51:23 1.1
+++ fenglin/bbs/article_service_post.php 2025/04/25 07:12:12 1.3
@@ -624,7 +624,8 @@
 $sql = "UPDATE bbs SET reply_count = reply_count + 1, last_reply_dt = NOW(), last_reply_UID=" . $_SESSION["BBS_uid"] . ", last_reply_username = '" . $_SESSION["BBS_username"] .
- "', last_reply_nickname = '$nickname' WHERE Aid = $tid";
+ "', last_reply_nickname = '" . mysqli_real_escape_string($db_conn, $nickname) .
+ "' WHERE Aid = $tid";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
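Review bot: The escaping added on the first `+` line covers only `$nickname`; `$_SESSION["BBS_username"]` is still concatenated unescaped inside single quotes on the context line above it, and `$tid` is interpolated bare into `WHERE Aid = $tid` on the second `+` line, so the statement remains string-built with two unescaped inputs. Whether `$tid` was cast to an integer before this point is not visible in the hunk; if it comes straight from the request, the `Aid` clause is still injectable regardless of the nickname fix. Rather than escaping each fragment individually, the whole UPDATE should go through a prepared statement with bound parameters, which removes the quoting problem for all four values at once. `mysqli_stmt_execute` returns a bool, so the existing `if ($rs == false)` check (whose body continues outside the hunk) keeps working unchanged.
```php
$stmt = mysqli_prepare(
    $db_conn,
    "UPDATE bbs SET reply_count = reply_count + 1, last_reply_dt = NOW(), "
    . "last_reply_UID = ?, last_reply_username = ?, last_reply_nickname = ? WHERE Aid = ?"
);
mysqli_stmt_bind_param($stmt, "issi", $_SESSION["BBS_uid"], $_SESSION["BBS_username"], $nickname, $tid);
$rs = mysqli_stmt_execute($stmt);
// … unchanged: if ($rs == false) error handling …
```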