blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

completeLabels: use prepare() not query()

Browse source
This commit is contained in:
Andrew Dolgov 2017-12-03 09:06:43 +03:00
parent ed5cd6eae5
commit 731ecac530
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
classes/rpc.php
View file

@ -334,7 +334,7 @@ class RPC extends Handler_Protected {
function completeLabels() {
$search = $_REQUEST["search"];
$sth = $this->pdo->query("SELECT DISTINCT caption FROM
$sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
ttrss_labels2
WHERE owner_uid = ? AND
LOWER(caption) LIKE LOWER(?) ORDER BY caption