From 22a250b5d280018cccc4ea564037d83bd94efa85 Mon Sep 17 00:00:00 2001
From: Rudi Grinberg <rudi.grinberg@sourcefabric.org>
Date: Fri, 7 Sep 2012 11:52:57 -0400
Subject: [PATCH] cc-4347: PDOOO

---
 airtime_mvc/application/models/Show.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/airtime_mvc/application/models/Show.php b/airtime_mvc/application/models/Show.php
index fcadb9ee4..293178d36 100644
--- a/airtime_mvc/application/models/Show.php
+++ b/airtime_mvc/application/models/Show.php
@@ -355,14 +355,22 @@ SQL;
         $uncheckedDaysImploded = implode(",", $daysRemovedUTC);
         $showId = $this->getId();
 
+        $esc_uncheckedDays = pg_escape_string($uncheckedDaysImploded);
         $timestamp = gmdate("Y-m-d H:i:s");
 
-        $sql = "DELETE FROM cc_show_instances"
-            ." WHERE EXTRACT(DOW FROM starts) IN ($uncheckedDaysImploded)"
-            ." AND starts > TIMESTAMP '$timestamp'"
-            ." AND show_id = $showId";
+        $sql = <<<SQL
+DELETE
+FROM cc_show_instances
+WHERE EXTRACT(DOW FROM starts) IN ($esc_uncheckedDays)
+  AND starts > :timestamp::TIMESTAMP
+  AND show_id = :showId
+SQL;
 
-        $con->exec($sql);
+        Application_Common_Database::prepareAndExecute( $sql,
+            array(
+                ":timestamp" => $timestamp,
+                ":showId"    => $showId,
+            ), "execute");
     }
 
     /**