From 1a0521093360d1f9d799aa9e954f91cfce1ada60 Mon Sep 17 00:00:00 2001 From: JustAMacUser Date: Sat, 2 Dec 2017 14:08:55 -0500 Subject: [PATCH] Fixed PDO query to prepared statement in API::updateArticles. --- classes/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/api.php b/classes/api.php index ad0372dbf..8ffa74d9e 100644 --- a/classes/api.php +++ b/classes/api.php @@ -297,7 +297,7 @@ class API extends Handler { $num_updated = $sth->rowCount(); if ($num_updated > 0 && $field == "unread") { - $sth = $this->pdo->query("SELECT DISTINCT feed_id FROM ttrss_user_entries + $sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries WHERE ref_id IN ($article_qmarks)"); $sth->execute($article_ids);