From ac50b1afb4f231504c74eaa2a217d3b3bf49a91d Mon Sep 17 00:00:00 2001 From: Tobias Mueller Date: Sat, 6 Jun 2009 17:43:24 +0200 Subject: [PATCH] Use explicit column name in elec_get_results --- foundation.gnome.org/vote/include/election-sql.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundation.gnome.org/vote/include/election-sql.php b/foundation.gnome.org/vote/include/election-sql.php index c5f3879..09991c3 100644 --- a/foundation.gnome.org/vote/include/election-sql.php +++ b/foundation.gnome.org/vote/include/election-sql.php @@ -209,7 +209,7 @@ function elec_get_results ($handle, $election_id) { $escaped_election_id = mysql_real_escape_string ($election_id, $handle); - $query = "SELECT * FROM " . $results_table; //FIXME: Don't use wildcards + $query = "SELECT result FROM " . $results_table; $query .= " WHERE election_id = '".$escaped_election_id."'"; $result = mysql_query ($query, $handle);