bug 1058: refixing big SQL query escaping with "'" in account/55 bug-1058
authorFelix Dörre <felix@dogcraft.de>
Tue, 5 May 2015 19:48:58 +0000 (21:48 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 5 May 2015 19:51:23 +0000 (21:51 +0200)
pages/account/55.php

index 1f01771..2032b18 100644 (file)
@@ -94,7 +94,7 @@
             FROM    `users` AS `u`,
                     `notary` AS `n`
             WHERE   `u`.`id` = \''.intval($_SESSION['profile']['id']).'\'
-            AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to`
+            AND     `n`.`method` != \'Administrative Increase\' AND `n`.`from` != `n`.`to`
             AND     `n`.`to` = `u`.`id`
             AND     `expire` < NOW()
             AND     `n`.`deleted` = 0