
Use prepared queries on better, blog, and some bookmarks (add/remove artist notifications still broken)

biotorrents 3 years ago
parent
commit
8f824a4843

+ 12
- 10
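--- a/sections/artist/notify.php
+++ b/sections/artist/notify.php
@@ -5,12 +5,12 @@
 if (!check_perms('site_torrents_notify')) {
     error(403);
 }
-$ArtistID = $_GET['artistid'];
-if (!is_number($ArtistID)) {
-    error(0);
-}
+
+$ArtistID = (int) $_GET['artistid'];
+Security::checkInt($ArtistID);
+
 /*
-$DB->query("
+$DB->prepared_query("
   SELECT GROUP_CONCAT(Name SEPARATOR '|')
   FROM artists_alias
   WHERE ArtistID = '$ArtistID'
@@ -18,7 +18,8 @@
   GROUP BY ArtistID");
 list($ArtistAliases) = $DB->next_record(MYSQLI_NUM, FALSE);
 */
-$DB->query("
+
+$DB->prepared_query("
   SELECT Name
   FROM artists_group
   WHERE ArtistID = '$ArtistID'");
@@ -26,7 +27,7 @@
 
 $Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID']);
 if (empty($Notify)) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE Label = 'Artist notifications'
@@ -34,13 +35,14 @@
     ORDER BY ID
     LIMIT 1");
 } else {
-    $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE ID = '$Notify[ID]'");
 }
+
 if (empty($Notify) && !$DB->has_results()) {
-    $DB->query("
+    $DB->prepared_query("
     INSERT INTO users_notify_filters
       (UserID, Label, Artists)
     VALUES
@@ -52,7 +54,7 @@
     list($ID, $ArtistNames) = $DB->next_record(MYSQLI_NUM, false);
     if (stripos($ArtistNames, "|$ArtistAliases|") === false) {
         $ArtistNames .= "$ArtistAliases|";
-        $DB->query("
+        $DB->prepared_query("
       UPDATE users_notify_filters
       SET Artists = '".db_string($ArtistNames)."'
       WHERE ID = '$ID'");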
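Review bot: Switching `$DB->query(` to `$DB->prepared_query(` at lines 13, 22, 30, 38, 45 and 57 does not parameterize anything, because every statement still interpolates its values (`'$ArtistID'`, `'$Notify[ID]'`, `db_string($ArtistNames)`, `'$ID'`) into the SQL text, and the same holds for every other file in this commit. If `prepared_query` binds trailing arguments the way Gazelle's does, each query should carry a placeholder instead, e.g. `$DB->prepared_query("SELECT Name FROM artists_group WHERE ArtistID = ?", $ArtistID);` — confirm the signature against the DB class, which is not in this diff. Separately, `$ArtistAliases` used at lines 55–56 is never assigned, since the alias query that populated it (lines 12–20) is still inside the `/* … */` block, so the `stripos` check and the append run on an undefined variable; that is presumably the breakage the commit message refers to. The file continues past this hunk.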

+ 19
- 15
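--- a/sections/artist/notifyremove.php
+++ b/sections/artist/notifyremove.php
@@ -1,15 +1,16 @@
-<?
+<?php
+#declare(strict_types=1);
+
 authorize();
 if (!check_perms('site_torrents_notify')) {
-  error(403);
-}
-$ArtistID = $_GET['artistid'];
-if (!is_number($ArtistID)) {
-  error(0);
+    error(403);
 }
 
+$ArtistID = (int) $_GET['artistid'];
+Security::checkInt($ArtistID);
+
 if (($Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID'])) === false) {
-  $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE Label = 'Artist notifications'
@@ -17,33 +18,36 @@
     ORDER BY ID
     LIMIT 1");
 } else {
-  $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE ID = '$Notify[ID]'");
 }
 list($ID, $Artists) = $DB->next_record(MYSQLI_NUM, false);
-$DB->query("
+
+$DB->prepared_query("
   SELECT Name
   FROM artists_alias
   WHERE ArtistID = '$ArtistID'
     AND Redirect = 0");
+
 while (list($Alias) = $DB->next_record(MYSQLI_NUM, false)) {
-  while (stripos($Artists, "|$Alias|") !== false) {
-    $Artists = str_ireplace("|$Alias|", '|', $Artists);
-  }
+    while (stripos($Artists, "|$Alias|") !== false) {
+        $Artists = str_ireplace("|$Alias|", '|', $Artists);
+    }
 }
+
 if ($Artists == '|') {
-  $DB->query("
+    $DB->prepared_query("
     DELETE FROM users_notify_filters
     WHERE ID = $ID");
 } else {
-  $DB->query("
+    $DB->prepared_query("
     UPDATE users_notify_filters
     SET Artists = '".db_string($Artists)."'
     WHERE ID = '$ID'");
 }
+
 $Cache->delete_value('notify_filters_'.$LoggedUser['ID']);
 $Cache->delete_value('notify_artists_'.$LoggedUser['ID']);
 header('Location: '.$_SERVER['HTTP_REFERER']);
-?>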
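Review bot: `$ArtistID = (int) $_GET['artistid'];` at line 9 silently turns a non-numeric value into 0 and raises an undefined-index notice when the parameter is absent, whereas the `is_number()` guard it replaces rejected both; whether `Security::checkInt()` rejects a 0 is not visible in this diff. Validating before casting covers both cases: `$ArtistID = filter_input(INPUT_GET, 'artistid', FILTER_VALIDATE_INT);` followed by `if ($ArtistID === null || $ArtistID === false) { error(0); }`. The same pattern is introduced in sections/artist/notify.php lines 9–10. Line 2 adds `declare(strict_types=1)` commented out while sections/better/single.php and tags.php in this same commit have it enabled, so either enable it here or drop the dead line.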

+ 1
- 1
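--- a/sections/better/covers.php
+++ b/sections/better/covers.php
@@ -31,7 +31,7 @@
 $DB->exec_prepared_query();
 
 $Groups = $DB->to_array('id', MYSQLI_ASSOC);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Results = Torrents::get_groups(array_keys($Groups));
 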

+ 3
- 3
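--- a/sections/better/folders.php
+++ b/sections/better/folders.php
@@ -2,11 +2,11 @@
 #declare(strict_types=1);
 
 if (check_perms('admin_reports') && !empty($_GET['remove']) && is_number($_GET['remove'])) {
-    $DB->query("
+    $DB->prepared_query("
     DELETE FROM torrents_bad_folders
     WHERE TorrentID = ".$_GET['remove']);
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT GroupID
     FROM torrents
     WHERE ID = ".$_GET['remove']);
@@ -24,7 +24,7 @@
 }
 
 View::show_header('Torrents with bad folder names');
-$DB->query("
+$DB->prepared_query("
   SELECT tbf.TorrentID, t.GroupID
   FROM torrents_bad_folders AS tbf
     JOIN torrents AS t ON t.ID = tbf.TorrentID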
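Review bot: Lines 7 and 12 still splice `$_GET['remove']` into the SQL string as raw text, so the `is_number()` call on line 4 remains the only barrier between the request and the query even after the switch to `prepared_query` on lines 5 and 9; sections/better/tags.php lines 5–12 have the identical shape. Cast the value once and bind it: `$RemoveID = (int) $_GET['remove'];` then `$DB->prepared_query("DELETE FROM torrents_bad_folders WHERE TorrentID = ?", $RemoveID);` — this assumes `prepared_query` accepts bound values after the statement, which the diff does not show. The `if` block continues past the hunk (lines 13–23 are not shown).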

+ 1
- 1
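--- a/sections/better/literature.php
+++ b/sections/better/literature.php
@@ -31,7 +31,7 @@
 ");
 
 $Groups = $DB->to_array('id', MYSQLI_ASSOC);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Results = Torrents::get_groups(array_keys($Groups)); ?>
 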

+ 1
- 1
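--- a/sections/better/single.php
+++ b/sections/better/single.php
@@ -2,7 +2,7 @@
 declare(strict_types = 1);
 
 if (($Results = $Cache->get_value('better_single_groupids')) === false) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       t.`ID` AS `TorrentID`,
       t.`GroupID` AS `GroupID`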

+ 3
- 3
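--- a/sections/better/tags.php
+++ b/sections/better/tags.php
@@ -2,11 +2,11 @@
 declare(strict_types=1);
 
 if (check_perms('admin_reports') && !empty($_GET['remove']) && is_number($_GET['remove'])) {
-    $DB->query("
+    $DB->prepared_query("
     DELETE FROM torrents_bad_tags
     WHERE TorrentID = ".$_GET['remove']);
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT GroupID
     FROM torrents
     WHERE ID = ".$_GET['remove']);
@@ -25,7 +25,7 @@
 
 View::show_header('Torrents with bad tags');
 
-$DB->query("
+$DB->prepared_query("
   SELECT tbt.TorrentID, t.GroupID
   FROM torrents_bad_tags AS tbt
     JOIN torrents AS t ON t.ID = tbt.TorrentID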

+ 10
- 10
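--- a/sections/blog/index.php
+++ b/sections/blog/index.php
@@ -11,7 +11,7 @@
         switch ($_REQUEST['action']) {
       case 'deadthread':
         if (is_number($_GET['id'])) {
-            $DB->query("
+            $DB->prepared_query("
             UPDATE blog
             SET ThreadID = NULL
             WHERE ID = ".$_GET['id']);
@@ -24,7 +24,7 @@
       case 'takeeditblog':
         authorize();
         if (is_number($_POST['blogid']) && is_number($_POST['thread'])) {
-            $DB->query("
+            $DB->prepared_query("
             UPDATE blog
             SET
               Title = '".db_string($_POST['title'])."',
@@ -40,7 +40,7 @@
       case 'editblog':
         if (is_number($_GET['id'])) {
             $BlogID = $_GET['id'];
-            $DB->query("
+            $DB->prepared_query("
             SELECT Title, Body, ThreadID
             FROM blog
             WHERE ID = $BlogID");
@@ -51,7 +51,7 @@
       case 'deleteblog':
         if (is_number($_GET['id'])) {
             authorize();
-            $DB->query("
+            $DB->prepared_query("
             DELETE FROM blog
             WHERE ID = '".db_string($_GET['id'])."'");
             $Cache->delete_value('blog');
@@ -66,7 +66,7 @@
         $Body = db_string($_POST['body']);
         $ThreadID = $_POST['thread'];
         if ($ThreadID && is_number($ThreadID)) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT ForumID
             FROM forums_topics
             WHERE ID = $ThreadID");
@@ -81,7 +81,7 @@
             }
         }
 
-        $DB->query("
+        $DB->prepared_query("
           INSERT INTO blog
             (UserID, Title, Body, Time, ThreadID, Important)
           VALUES
@@ -96,7 +96,7 @@
             $Cache->delete_value('blog_latest_id');
         }
         if (isset($_POST['subscribe'])) {
-            $DB->query("
+            $DB->prepared_query("
             INSERT IGNORE INTO users_subscriptions
             VALUES ('$LoggedUser[ID]', $ThreadID)");
             $Cache->delete_value('subscriptions_user_'.$LoggedUser['ID']);
@@ -140,7 +140,7 @@
       <label for="subscribebox">Subscribe</label>
 
       <div class="center">
-        <input type="submit"
+        <input type="submit" class="button-primary"
           value="<?=!isset($_GET['action']) ? 'Create blog post' : 'Edit blog post'; ?>" />
       </div>
     </div>
@@ -153,7 +153,7 @@
 <div>
   <?php
 if (!$Blog = $Cache->get_value('blog')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       b.ID,
       um.Username,
@@ -174,7 +174,7 @@
     $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
     $Cache->update_row(false, array('LastReadBlog' => $Blog[0][0]));
     $Cache->commit_transaction(0);
-    $DB->query("
+    $DB->prepared_query("
     UPDATE users_info
     SET LastReadBlog = '".$Blog[0][0]."'
     WHERE UserID = ".$LoggedUser['ID']);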
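Review bot: `VALUES ('$LoggedUser[ID]', $ThreadID)` at line 101 interpolates `$ThreadID` unquoted, and the only validation visible for it is the `is_number()` branch on line 68, which the subscribe block at line 98 sits outside; unless lines 73–80 (not shown) reassign `$ThreadID` on the else path, a non-numeric `thread` value reaches the SQL text verbatim. Binding it removes the dependency on that unseen path: `$DB->prepared_query("INSERT IGNORE INTO users_subscriptions VALUES (?, ?)", $LoggedUser['ID'], (int) $ThreadID);`, with the caveat that `prepared_query`'s parameter handling is not in this diff. The same raw interpolation of merely `is_number()`-checked request values applies to `$_GET['id']` at line 17, `$BlogID` at line 46 and `$ThreadID` at line 72. The `switch` enclosing these hunks opens at line 11 and closes outside the shown ranges.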

+ 6
- 6
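--- a/sections/bookmarks/add.php
+++ b/sections/bookmarks/add.php
@@ -18,7 +18,7 @@
 }
 
 $PageID = $_GET['id'];
-$DB->query("
+$DB->prepared_query("
 SELECT
   `UserID`
 FROM
@@ -29,7 +29,7 @@
 
 if (!$DB->has_results()) {
     if ($Type === 'torrent') {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           MAX(`Sort`)
         FROM
@@ -44,7 +44,7 @@
         }
 
         $Sort += 1;
-        $DB->query("
+        $DB->prepared_query("
         INSERT IGNORE
         INTO $Table(`UserID`, $Col, `Time`, `Sort`)
         VALUES(
@@ -55,7 +55,7 @@
         )
         ");
     } else {
-        $DB->query("
+        $DB->prepared_query("
         INSERT IGNORE
         INTO $Table(`UserID`, $Col, `Time`)
         VALUES(
@@ -69,7 +69,7 @@
     $Cache->delete_value('bookmarks_'.$Type.'_'.$LoggedUser['ID']);
     if ($Type === 'torrent') {
         $Cache->delete_value("bookmarks_group_ids_$UserID");
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           `title`,
           `year`,
@@ -115,7 +115,7 @@
             $Feed->populate('torrents_bookmarks_t_'.$LoggedUser['torrent_pass'], $Item);
         }
     } elseif ($Type === 'request') {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           `UserID`
         FROM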
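Review bot: `INTO $Table(\`UserID\`, $Col, \`Time\`, \`Sort\`)` at lines 49 and 60 interpolates identifiers, which no placeholder can bind, so the switch to `prepared_query` at lines 47 and 58 cannot protect these two statements; `$Table` and `$Col` must come from a fixed map keyed on `$Type` (the `=== 'torrent'` / `=== 'request'` checks at lines 31 and 117 suggest such a map exists), but their assignment is before line 18 and not in this diff, so worth confirming. The value lists inside `VALUES(` at lines 51–54 and 62–67 are also outside the shown ranges and presumably still interpolated, as is `$PageID = $_GET['id'];` at line 20, which should at least be cast with `(int)` before it reaches the query at lines 21–28. The outer `if (!$DB->has_results())` block opened at line 30 closes outside the shown hunks.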

+ 3
- 3
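--- a/sections/bookmarks/artists.php
+++ b/sections/bookmarks/artists.php
@@ -13,7 +13,7 @@
         error(404);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT Username
       FROM users_main
       WHERE ID = '$UserID'");
@@ -25,7 +25,7 @@
 $Sneaky = $UserID !== $LoggedUser['ID'];
 //$ArtistList = Bookmarks::all_bookmarks('artist', $UserID);
 
-$DB->query("
+$DB->prepared_query("
   SELECT ag.ArtistID, ag.Name
   FROM bookmarks_artists AS ba
     INNER JOIN artists_group AS ag ON ba.ArtistID = ag.ArtistID
@@ -81,7 +81,7 @@
         <?php
   if (check_perms('site_torrents_notify')) {
       if (($Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID'])) === false) {
-          $DB->query("
+          $DB->prepared_query("
             SELECT ID, Artists
             FROM users_notify_filters
             WHERE UserID = '$LoggedUser[ID]'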
