completeLabels: use prepare() not query()

master
Andrew Dolgov 7 years ago
parent ed5cd6eae5
commit 731ecac530

@ -334,7 +334,7 @@ class RPC extends Handler_Protected {
function completeLabels() { function completeLabels() {
$search = $_REQUEST["search"]; $search = $_REQUEST["search"];
$sth = $this->pdo->query("SELECT DISTINCT caption FROM $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
ttrss_labels2 ttrss_labels2
WHERE owner_uid = ? AND WHERE owner_uid = ? AND
LOWER(caption) LIKE LOWER(?) ORDER BY caption LOWER(caption) LIKE LOWER(?) ORDER BY caption

Loading…
Cancel
Save