arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Escape

Browse Source
This commit is contained in:
Tobias Reich 2014-08-22 23:04:59 +02:00
parent 988a9075f3
commit 45cbf0c238
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
php/modules/Photo.php
View File

@ -215,6 +215,10 @@ class Photo extends Module {
# Check dependencies
self::dependencies(isset($this->database, $checksum));
# Escape
$checksum = mysqli_real_escape_string($this->database, $checksum);
if (isset($photoID)) $photoID = mysqli_real_escape_string($this->database, $photoID);
# Exclude $photoID from select when $photoID is set
if (isset($photoID)) $query = "SELECT id, url, thumbUrl FROM lychee_photos WHERE checksum = '$checksum' AND id <> '$photoID' LIMIT 1;";
else $query = "SELECT id, url, thumbUrl FROM lychee_photos WHERE checksum = '$checksum' LIMIT 1;";