From: Andrew Dolgov
Date: Sun, 3 Dec 2017 06:06:43 +0000 (+0300)
Subject: completeLabels: use prepare() not query()
X-Git-Tag: 17.12~31
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=731ecac5306f6463cc98006091dd95fad2b81cc5
completeLabels: use prepare() not query()
---
diff --git a/classes/rpc.php b/classes/rpc.php
index dd592b4d..cc036736 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -334,7 +334,7 @@ class RPC extends Handler_Protected { function completeLabels() { $search = $_REQUEST["search"]; - $sth = $this->pdo->query("SELECT DISTINCT caption FROM + $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM ttrss_labels2 WHERE owner_uid = ? AND LOWER(caption) LIKE LOWER(?) ORDER BY caption
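Review bot: `$search` is taken straight from `$_REQUEST["search"]` on the context line just above the changed statement, with no presence or type check, so a missing or array-valued parameter flows on towards the bound LIKE argument. A guard such as `$search = (string) ($_REQUEST["search"] ?? "");` would make the input well-defined before it is used. The switch to `prepare()` keeps the value out of the SQL text, but the `execute()` call that binds it lies outside this hunk, so how the pattern is built cannot be confirmed from here. If the term is wrapped in `%…%` unchanged, any `%` or `_` the user types still acts as a wildcard, and escaping them before binding (for example `addcslashes($search, '%_\\')`) would keep the match literal. The body of `completeLabels()` continues past the end of the hunk.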