Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-5121: fix some SQL statements not being escaped/prepared

This commit is contained in:
denise 2013-05-09 16:07:34 -04:00
parent 8cd8d0922f
commit afb24c37ab
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
airtime_mvc/application/models/StoredFile.php
View File

@ -1177,12 +1177,7 @@ WHERE (id != -2
AND (soundcloud_upload_time >= (now() - (INTERVAL '1 day'))) AND (soundcloud_upload_time >= (now() - (INTERVAL '1 day')))
SQL; SQL;
$params = array( $rows = Application_Common_Database::prepareAndExecute($sql);
':id1' => -2,
':id2' => -3
);
$rows = Application_Common_Database::prepareAndExecute($sql, $params,
Application_Common_Database::ALL);
return count($rows); return count($rows);
} catch (Exception $e) { } catch (Exception $e) {