From: JustAMacUser Date: Sat, 2 Dec 2017 19:08:55 +0000 (-0500) Subject: Fixed PDO query to prepared statement in API::updateArticles. X-Git-Tag: 17.12~38^2 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=1a0521093360d1f9d799aa9e954f91cfce1ada60;p=tt-rss.git Fixed PDO query to prepared statement in API::updateArticles. --- diff --git a/classes/api.php b/classes/api.php index ad0372db..8ffa74d9 100644 --- a/classes/api.php +++ b/classes/api.php @@ -297,7 +297,7 @@ class API extends Handler { $num_updated = $sth->rowCount(); if ($num_updated > 0 && $field == "unread") { - $sth = $this->pdo->query("SELECT DISTINCT feed_id FROM ttrss_user_entries + $sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries WHERE ref_id IN ($article_qmarks)"); $sth->execute($article_ids);