Fixed PDO query to prepared statement in API::updateArticles.

[tt-rss.git] / classes / api.php

diff --git a/classes/api.php b/classes/api.php
index ad0372dbf4d294223f04c04c0e34a6fedd5cc9f5..8ffa74d9e2f87914c17ca54f31fdf1d9e787f564 100644 (file)
--- a/classes/api.php
+++ b/classes/api.php
@@ -297,7 +297,7 @@ class API extends Handler {
                        $num_updated = $sth->rowCount();
 
                        if ($num_updated > 0 && $field == "unread") {
-                               $sth = $this->pdo->query("SELECT DISTINCT feed_id FROM ttrss_user_entries
+                               $sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries
                                        WHERE ref_id IN ($article_qmarks)");
                                $sth->execute($article_ids);