From 5116d22ed84db0f15a7f583bcbe243ee2cd606e1 Mon Sep 17 00:00:00 2001
From: Arun Persaud
Date: Mon, 25 Feb 2013 22:04:21 -0800
Subject: mysql optimization: don't quote integers as strings in WHERE
---
 include/cancelgame.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'include/cancelgame.php')
diff --git a/include/cancelgame.php b/include/cancelgame.php
index d9b69b3..02b5a06 100644
--- a/include/cancelgame.php
+++ b/include/cancelgame.php
@@ -49,7 +49,7 @@ $gameid = DB_get_gameid_by_hash($me);
 $myname = DB_get_name('hash',$me);
 /* check if game really is old enough to be canceled */
-$r = DB_query_array("SELECT mod_date from Game WHERE id='$gameid' " );
+$r = DB_query_array("SELECT mod_date from Game WHERE id=".DB_quote_smart($gameid) );
 if(time()-strtotime($r[0]) > 60*60*24*30) /* = 1 month */
 {
 /* email to all players */
-- 
cgit v1.2.3-18-g5258
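Review bot: With the quotes removed, the `WHERE id=` clause on the added line is only as safe as whatever `DB_quote_smart()` returns for `$gameid`, and that helper is not visible in this hunk; any value it passes through unquoted lands in the SQL as a bare token. Since the id is meant to be an integer, casting at the call site makes that explicit and independent of the helper: `$r = DB_query_array("SELECT mod_date from Game WHERE id=".(int)$gameid);`. Separately, `$r[0]` is used without checking that a row came back: if the lookup returns nothing, `strtotime()` yields false and `time()-false` exceeds the 30-day threshold, so the age check passes by default; a guard such as `if($r && time()-strtotime($r[0]) > 60*60*24*30)` would make it fail closed. The script continues beyond both ends of the hunk, so an earlier validation of `$gameid` may already exist.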