From 680f8dffe5fcdf0192653fc09f1940b02cbe6fbd Mon Sep 17 00:00:00 2001 From: mischa Date: Tue, 23 Aug 2022 05:51:12 +0000 Subject: [PATCH] move mysqli_real_escape_string out of select --- index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.php b/index.php index 4d96623..9a34a98 100644 --- a/index.php +++ b/index.php @@ -53,7 +53,8 @@ function generate_short($url, $mysqli) { } function find_short($hash, $mysqli) { - $result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='" . mysqli_real_escape_string($mysqli, $hash) . "'"); + $hash = mysqli_real_escape_string($mysqli, $hash); + $result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'") . "'"); if ($row = mysqli_fetch_assoc($result)) { $link = $row['url']; mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'");