From 09be7cdd73b20b5449678f352a2d710d4767e6b1 Mon Sep 17 00:00:00 2001 From: immanuelfodor Date: Tue, 2 Jan 2018 06:30:22 +0000 Subject: [PATCH] binding statement named param instead of positional replacement --- classes/digest.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/classes/digest.php b/classes/digest.php index 83f39a86..75dda498 100644 --- a/classes/digest.php +++ b/classes/digest.php @@ -132,12 +132,14 @@ class Digest ref_id = ttrss_entries.id AND feed_id = ttrss_feeds.id AND include_in_digest = true AND $interval_qpart - AND ttrss_user_entries.owner_uid = ? + AND ttrss_user_entries.owner_uid = :user_id AND unread = true AND score >= 0 ORDER BY ttrss_feed_categories.title, ttrss_feeds.title, score DESC, date_updated DESC - LIMIT ?"); - $sth->execute([$user_id, $limit]); + LIMIT :limit"); + $sth->bindParam(':user_id', intval($user_id, 10), \PDO::PARAM_INT); + $sth->bindParam(':limit', intval($limit, 10), \PDO::PARAM_INT); + $sth->execute(); $headlines_count = 0; $headlines = array(); -- 2.39.5
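Review bot: `PDOStatement::bindParam()` takes its second argument by reference, so passing the result of `intval(...)` directly, as both added `bindParam` lines do, makes PHP raise "Only variables should be passed by reference" and binds a temporary rather than a variable. `bindValue()` binds the value at call time and keeps the explicit integer type that `LIMIT` needs: `$sth->bindValue(':user_id', intval($user_id, 10), \PDO::PARAM_INT);` and `$sth->bindValue(':limit', intval($limit, 10), \PDO::PARAM_INT);`. Separately, the context line `AND $interval_qpart` is still interpolated into the SQL string. It is built outside this hunk, so it is worth confirming that it is composed only from an integer-cast value, or binding it as well. The enclosing method starts and ends outside the hunk.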