From eee5a0d3d6ce89b3156689df6ae50c80f202dd5b Mon Sep 17 00:00:00 2001
From: "Bradley M. Kuhn"
Date: Thu, 17 Dec 2015 19:54:37 -0800
Subject: [PATCH] We should call the DBI quote function for integer.

---
Supporters/lib/Supporters.pm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Supporters/lib/Supporters.pm b/Supporters/lib/Supporters.pm
index 6229fb0..1786de0 100644
--- a/Supporters/lib/Supporters.pm
+++ b/Supporters/lib/Supporters.pm
@@ -481,7 +481,8 @@ sub _verifyId($$) {
 die "_verifyId() called with a non-numeric id" unless defined $id and looks_like_number($id);
- my $val = $self->dbh()->selectall_hashref("SELECT id FROM supporter WHERE id = $id", 'id');
+ my $val = $self->dbh()->selectall_hashref("SELECT id FROM supporter WHERE id = " .
+ $self->dbh->quote($id, 'SQL_INTEGER'), 'id');
 return (defined $val and defined $val->{$id});
 }
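Review bot: The added `selectall_hashref` call still assembles the SQL by string concatenation, and `quote`'s second argument is documented as a DBI type code (the constant `DBI::SQL_INTEGER`), not the bare string `'SQL_INTEGER'`; what a driver does with the string form, and whether a numeric type is returned unquoted at all, is driver- and version-dependent, so the commit's protection is hard to reason about. The robust form is a bind value, which needs no quoting: `my $val = $self->dbh()->selectall_hashref("SELECT id FROM supporter WHERE id = ?", 'id', undef, $id);`. The `looks_like_number` guard on the context line is also looser than the integer intent in the subject (it accepts e.g. `1e3`, `Inf` and leading whitespace), so a check such as `die "..." unless defined $id and $id =~ /\A[0-9]+\z/;` would keep the later `$val->{$id}` lookup consistent with the stored id. The hunk header announces 7/8 lines but fewer are visible here, so the start of `_verifyId` appears to lie outside this chunk.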