completeLabels: use prepare() not query()

author Andrew Dolgov <noreply@fakecake.org>

Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)
diff --git a/classes/rpc.php b/classes/rpc.php

index dd592b4d46010633076fa3fdfd78b8228523dc24..cc036736fb37f78fc8b647e5112cccad83bdc76c 100755 (executable)
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -334,7 +334,7 @@ class RPC extends Handler_Protected {
         function completeLabels() {
                 $search = $_REQUEST["search"];
  
-               $sth = $this->pdo->query("SELECT DISTINCT caption FROM
+               $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
                                 ttrss_labels2
                                 WHERE owner_uid = ? AND
                                 LOWER(caption) LIKE LOWER(?) ORDER BY caption
author	Andrew Dolgov <noreply@fakecake.org>
	Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Sun, 3 Dec 2017 06:06:43 +0000 (09:06 +0300)