Please don't ever use
%s or
%N to put a name into a ServerCommand. It's incredibly unsafe.
Let's say their name is "
SomeName; quit" ->
ServerCommand("sm_disarm %N", ...) ->
ServerCommand("sm_disarm SomeName; quit"); which will send the quit command to the server. Alternatively they can call themselves "
SomeName; rcon_password lol" and suddenly they've changed your RCON password.
There are a few ways to combat this, but the easiest (if you can't use a native instead) is to provide a UserID to the ServerCommand instead of a name.
PHP Code:
new someuserid = GetClientUserId(client);
ServerCommand("sm_disarm #%d", someuserid);
__________________