- $result = $this->dbh->query("SELECT * FROM ttrss_archived_feeds
- WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) != 0) {
- $site_url = $this->dbh->escape_string(db_fetch_result($result, 0, "site_url"));
- $feed_url = $this->dbh->escape_string(db_fetch_result($result, 0, "feed_url"));
- $title = $this->dbh->escape_string(db_fetch_result($result, 0, "title"));
-
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 0) {
- $result = $this->dbh->query("INSERT INTO ttrss_feeds
- (owner_uid,feed_url,title,cat_id,site_url)
- VALUES ('".$_SESSION["uid"]."',
- '$feed_url', '$title', NULL, '$site_url')");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ $site_url = $row['site_url'];
+ $feed_url = $row['feed_url'];
+ $title = $row['title'];
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
+
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
+ (owner_uid,feed_url,title,cat_id,site_url)
+ VALUES (?, ?, ?, NULL, ?)");
+
+ $sth->execute([$_SESSION['uid'], $feed_url, $title, $site_url]);