public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-20 08:31:29 +00:00
Code Issues Releases Wiki Activity

completeLabels: use prepare() not query()

Browse Source
This commit is contained in:
Andrew Dolgov
2017-12-03 09:06:43 +03:00
parent ed5cd6eae5
commit 731ecac530
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/rpc.php
View File

@@ -334,7 +334,7 @@ class RPC extends Handler_Protected {
function completeLabels() { function completeLabels() {
$search = $_REQUEST["search"]; $search = $_REQUEST["search"];
$sth = $this->pdo->query("SELECT DISTINCT caption FROM $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
ttrss_labels2 ttrss_labels2
WHERE owner_uid = ? AND WHERE owner_uid = ? AND
LOWER(caption) LIKE LOWER(?) ORDER BY caption LOWER(caption) LIKE LOWER(?) ORDER BY caption