CC-5121: fix some SQL statements not being escaped/prepared

2013-05-09 16:07:34 -04:00 · 2013-05-09 16:07:34 -04:00 · afb24c37ab
parent 8cd8d0922f
commit afb24c37ab
1 changed files with 1 additions and 6 deletions
--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@ -1177,12 +1177,7 @@ WHERE (id != -2
  AND (soundcloud_upload_time >= (now() - (INTERVAL '1 day')))
 SQL;

-            $params = array(
-                ':id1' => -2,
-                ':id2' => -3
-            );
-            $rows = Application_Common_Database::prepareAndExecute($sql, $params,
-                Application_Common_Database::ALL);
+            $rows = Application_Common_Database::prepareAndExecute($sql);

            return count($rows);
        } catch (Exception $e) {