From: immanuelfodor <immanuelfactor+ttrss@gmail.com>
Date: Tue, 2 Jan 2018 06:30:22 +0000 (+0000)
Subject: binding statement named param instead of positional replacement
X-Git-Tag: 18.8~88^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=09be7cdd73b20b5449678f352a2d710d4767e6b1;p=tt-rss.git

binding statement named param instead of positional replacement
---

diff --git a/classes/digest.php b/classes/digest.php
index 83f39a86..75dda498 100644
--- a/classes/digest.php
+++ b/classes/digest.php
@@ -132,12 +132,14 @@ class Digest
 				ref_id = ttrss_entries.id AND feed_id = ttrss_feeds.id
 				AND include_in_digest = true
 				AND $interval_qpart
-				AND ttrss_user_entries.owner_uid = ?
+				AND ttrss_user_entries.owner_uid = :user_id
 				AND unread = true
 				AND score >= 0
 			ORDER BY ttrss_feed_categories.title, ttrss_feeds.title, score DESC, date_updated DESC
-			LIMIT ?");
-		$sth->execute([$user_id, $limit]);
+			LIMIT :limit");
+		$sth->bindParam(':user_id', intval($user_id, 10), \PDO::PARAM_INT);
+		$sth->bindParam(':limit', intval($limit, 10), \PDO::PARAM_INT);
+		$sth->execute();
 
 		$headlines_count = 0;
 		$headlines = array();