From 987537fbdcaa38e572aa7c8dd5b589a16cc09315 Mon Sep 17 00:00:00 2001
From: Naomi
Date: Fri, 10 May 2013 12:35:08 -0400
Subject: [PATCH] CC-5121 :fix some SQL statements not being escaped/prepared

---
 airtime_mvc/application/models/Subjects.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/airtime_mvc/application/models/Subjects.php b/airtime_mvc/application/models/Subjects.php
index cd220da88..4eb39a949 100644
--- a/airtime_mvc/application/models/Subjects.php
+++ b/airtime_mvc/application/models/Subjects.php
@@ -45,9 +45,11 @@ class Application_Model_Subjects
     public static function getLoginAttempts($login)
     {
-        $con = Propel::getConnection();
-        $sql = "SELECT login_attempts FROM cc_subjs WHERE login='$login'";
-        $res = $con->query($sql)->fetchColumn(0);
+        $sql = "SELECT login_attempts FROM cc_subjs WHERE login=:login";
+        $map = array(":login" => $login);
+
+        $res = Application_Common_Database::prepareAndExecute($sql, $map,
+            Application_Common_Database::COLUMN);
         return ($res !== false) ? $res : 0;
     }
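Review bot: The unchanged `return ($res !== false) ? $res : 0;` still hands back whatever `prepareAndExecute(..., COLUMN)` yields on a hit — presumably the raw PDO column value, which is a string — while the miss path returns the integer 0, so callers comparing the attempt count get a different type depending on whether the user exists; `return ($res !== false) ? (int) $res : 0;` makes the contract uniform. The switch to a bound `:login` parameter does close the injection through the user-supplied login name, which is the right fix for this method. The commit subject says "some SQL statements", so any sibling methods in this model that still interpolate `$login` into SQL (not visible in this hunk) should get the same treatment before the ticket is closed. A short docblock would also help: `/** Returns the failed-login counter for $login, or 0 when no such subject row exists. */`.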