
Commit dbb17880 authored by clint's avatar clint

use mdb2->quote for quoting strings for db

parent 6615095d
......@@ -61,12 +61,12 @@ if($album != 'NULL') {
getTrackCreateIfNew($artist, $album, $track, $mbid);
//Expire old tracks
$mdb2->query("DELETE FROM Now_Playing WHERE expires < " . time());
$mdb2->exec("DELETE FROM Now_Playing WHERE expires < " . time());
//Delete this user's last playing song (if any)
$mdb2->query("DELETE FROM Now_Playing WHERE sessionid = '" . $sess . "'");
$mdb2->exec("DELETE FROM Now_Playing WHERE sessionid = " . $mdb2->quote($sess, "text"));
$mdb2->query("INSERT INTO Now_Playing (sessionid, artist, album, track, expires, mbid) VALUES ("
$mdb2->exec("INSERT INTO Now_Playing (sessionid, artist, album, track, expires, mbid) VALUES ("
. $sess . ", "
. $artist . ", "
. $album . ", "
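Review bot: The INSERT's VALUES list still concatenates `$sess`, `$artist` and `$album` directly, while the DELETE just above it now passes `$sess` through `$mdb2->quote($sess, "text")`, so the two statements disagree about whether `$sess` is already quoted. If `$sess` is raw at this point, the INSERT is still exposed to SQL injection and should use `. $mdb2->quote($sess, "text") . ", "`; if it was quoted earlier, the new DELETE quotes it a second time and will not match the stored row. The assignments of these variables and the rest of the INSERT lie outside the hunk, so which case holds needs confirming; building the statement with `$mdb2->prepare()` and placeholders would remove the ambiguity. The return values of the `exec()` calls are also discarded, so a failed DELETE or INSERT goes unnoticed.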
......
......@@ -166,7 +166,7 @@ for($i = 0; $i < count($_POST['a']); $i++) {
}
// Destroy now_playing since it is almost certainly obsolescent
$mdb2->exec("DELETE FROM Now_Playing WHERE sessionid = '" . $session_id . "'");
$mdb2->exec("DELETE FROM Now_Playing WHERE sessionid = " . $mdb2->quote($session_id, "text"));
}
}
......