Conservancy/supporters
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

We should call the DBI quote function for integer.

Browse source
This commit is contained in:
Bradley M. Kuhn 2015-12-17 19:54:37 -08:00
parent e2a63b30fa
commit eee5a0d3d6
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Supporters/lib/Supporters.pm
View file

@ -481,7 +481,8 @@ sub _verifyId($$) {
die "_verifyId() called with a non-numeric id" unless defined $id and looks_like_number($id); die "_verifyId() called with a non-numeric id" unless defined $id and looks_like_number($id);
my $val = $self->dbh()->selectall_hashref("SELECT id FROM supporter WHERE id = $id", 'id'); my $val = $self->dbh()->selectall_hashref("SELECT id FROM supporter WHERE id = " .
$self->dbh->quote($id, 'SQL_INTEGER'), 'id');
return (defined $val and defined $val->{$id}); return (defined $val and defined $val->{$id});
} }