move mysqli_real_escape_string out of select
This commit is contained in:
parent
518df2473e
commit
680f8dffe5
|
@ -53,7 +53,8 @@ function generate_short($url, $mysqli) {
|
|||
}
|
||||
|
||||
function find_short($hash, $mysqli) {
|
||||
$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='" . mysqli_real_escape_string($mysqli, $hash) . "'");
|
||||
$hash = mysqli_real_escape_string($mysqli, $hash);
|
||||
$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'") . "'");
|
||||
if ($row = mysqli_fetch_assoc($result)) {
|
||||
$link = $row['url'];
|
||||
mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'");
|
||||
|
|
Loading…
Reference in New Issue