CC-5121: fix some SQL statements not being escaped/prepared

2013-05-09 15:53:12 -04:00 · 2013-05-09 15:53:12 -04:00 · 40eb51b892
commit 40eb51b892
parent 21df9013ee
7 changed files with 87 additions and 65 deletions
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@ -297,10 +297,10 @@ class Application_Model_User

    public static function getUserCount()
    {
-        $con = Propel::getConnection();
        $sql_gen = "SELECT count(*) AS cnt FROM cc_subjs";

-        $query = $con->query($sql_gen)->fetchColumn(0);
+        $query = Application_Common_Database::prepareAndExecute($sql_gen, array(), 
+            Application_Common_Database::COLUMN);

        return ($query !== false) ? $query : null;
    }