completeLabels: use prepare() not query()

Andrew Dolgov 2017-12-03 09:06:43 +03:00
parent ed5cd6eae5
commit 731ecac530
1 changed files with 1 additions and 1 deletions


@ -334,7 +334,7 @@ class RPC extends Handler_Protected {
function completeLabels() { function completeLabels() {
$search = $_REQUEST["search"]; $search = $_REQUEST["search"];
$sth = $this->pdo->query("SELECT DISTINCT caption FROM $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
ttrss_labels2 ttrss_labels2
WHERE owner_uid = ? AND WHERE owner_uid = ? AND
LOWER(caption) LIKE LOWER(?) ORDER BY caption LOWER(caption) LIKE LOWER(?) ORDER BY caption