High5! Code

Commit Diff

Commit:: 680f8dffe5fcdf0192653fc09f1940b02cbe6fbd
From:: mischa <mischa@rx.high5.nl>
Date:: Tue Aug 23 05:51:12 2022 UTC
Message:: move mysqli_real_escape_string out of select
Actions:: Patch | Tree

commit - 518df2473eeea72f9ffe9e2b246d99e42230bade
commit + 680f8dffe5fcdf0192653fc09f1940b02cbe6fbd
blob - 4d96623819f8e3bf27bb7b516f61964e9239cde3
blob + 9a34a980f69783165cfe64334d900df9bd97626f
--- index.php
+++ index.php
@@ -53,7 +53,8 @@ function generate_short($url, $mysqli) {
 }
 
 function find_short($hash, $mysqli) {
-	$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='" . mysqli_real_escape_string($mysqli, $hash) . "'");
+	$hash = mysqli_real_escape_string($mysqli, $hash);
+	$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'") . "'");
 	if ($row = mysqli_fetch_assoc($result)) {
 		$link = $row['url'];
 		mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'");