feat: use prepared statements
edmondas committed Dec 2, 2023
1 parent 12e8ebf commit 53062c8
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions lib/LegacyUsers.php
Expand Up @@ -734,12 +734,13 @@ public function update_user_details(array $details): bool
// current username is not the same as the username that was given by the
// user, the username should apparently be changed. If so, check if the "new"
// username already exists.
$query = "SELECT username FROM users WHERE id = " . $this->db->quote($details['uid'], 'integer');
$response = $this->db->query($query);

$usercheck = $response->fetch();
$query = "SELECT username FROM users WHERE id = :id";
$stmt = $this->db->prepare($query);
$stmt->bindParam(':id', $details['uid'], PDO::PARAM_INT);
$stmt->execute();
$userCheck = $stmt->fetch();

if ($usercheck ['username'] != $details['username']) {
if ($userCheck['username'] != $details['username']) {
// Username of user ID in the database is different from the name
// we have been given. User wants a change of username. Now, make
// sure it doesn't already exist.
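Review bot: The result of `$stmt->fetch()` is read unchecked in `if ($userCheck['username'] != $details['username'])`. Assuming `$this->db` behaves like PDO, `fetch()` returns `false` when no row matches `$details['uid']`, so the offset read yields null and the loose `!=` lets the username-change branch run for a uid that does not exist. A guard directly after the fetch, `if ($userCheck === false) { return false; }`, would stop that, provided `false` is this method's failure value; `update_user_details` starts and ends outside the hunk, so that needs confirming. Because the uid is bound once and the statement is not re-executed, `$stmt->bindValue(':id', (int) $details['uid'], PDO::PARAM_INT);` would be the safer form: `bindParam` binds `$details['uid']` by reference, and `PDO::PARAM_INT` is a type hint to the driver rather than validation of the input.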