$num_updated = $sth->rowCount();
if ($num_updated > 0 && $field == "unread") {
- $sth = $this->pdo->query("SELECT DISTINCT feed_id FROM ttrss_user_entries
+ $sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries
WHERE ref_id IN ($article_qmarks)");
$sth->execute($article_ids);