move mysqli_real_escape_string out of select

This commit is contained in:
mischa 2022-08-23 05:51:12 +00:00
parent 518df2473e
commit 680f8dffe5

View File

@ -53,7 +53,8 @@ function generate_short($url, $mysqli) {
} }
function find_short($hash, $mysqli) { function find_short($hash, $mysqli) {
$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='" . mysqli_real_escape_string($mysqli, $hash) . "'"); $hash = mysqli_real_escape_string($mysqli, $hash);
$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'") . "'");
if ($row = mysqli_fetch_assoc($result)) { if ($row = mysqli_fetch_assoc($result)) {
$link = $row['url']; $link = $row['url'];
mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'"); mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'");