mysql optimization: don't quote integers as strings in WHERE

author: Arun Persaud <arun@nubati.net> 2013-02-25 22:04:21 -0800
committer: Arun Persaud <arun@nubati.net> 2013-02-25 22:04:21 -0800
commit: 5116d22ed84db0f15a7f583bcbe243ee2cd606e1 (patch)
tree: f0606717f34a65c874116e435638b19209e325fb /rss.php
parent: 94bbb934cb0bc65c72e2ab724f4bf99b3c7207be (diff)
download: e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.gz
e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.bz2
e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/rss.php b/rss.php
index a6e5d1b..e6db287 100644
--- a/rss.php
+++ b/rss.php
@@ -100,8 +100,8 @@ echo "</author>\n\n";
 
   $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
 		     " LEFT JOIN Game On Hand.game_id=Game.id".
-		     " WHERE Hand.user_id='$id'".
-		     " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+		     " WHERE Hand.user_id=".DB_quote_smart($id).
+		     " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
 		     " AND ( Game.status='pre' OR Game.status='play' )".
 		     " ORDER BY Game.session" );
author	Arun Persaud <arun@nubati.net>	2013-02-25 22:04:21 -0800
committer	Arun Persaud <arun@nubati.net>	2013-02-25 22:04:21 -0800
commit	5116d22ed84db0f15a7f583bcbe243ee2cd606e1 (patch)
tree	f0606717f34a65c874116e435638b19209e325fb /rss.php
parent	94bbb934cb0bc65c72e2ab724f4bf99b3c7207be (diff)
download	e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.gz e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.bz2 e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.zip