From 5116d22ed84db0f15a7f583bcbe243ee2cd606e1 Mon Sep 17 00:00:00 2001 From: Arun Persaud Date: Mon, 25 Feb 2013 22:04:21 -0800 Subject: mysql optimization: don't quote integers as strings in WHERE --- include/openid.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'include/openid.php') diff --git a/include/openid.php b/include/openid.php index 16c59f4..14024b8 100644 --- a/include/openid.php +++ b/include/openid.php @@ -142,22 +142,23 @@ function DB_GetUserId($openid_url) function DB_GetOpenIDsByUser($user_id) { - return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id = '$user_id'"); + return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id =".DB_quote_smart($user_id)); } function DB_AttachOpenID($openid_url, $user_id) { - DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", '$user_id')"); + DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", ".DB_quote_smart($user_id).")"); } function DB_DetachOpenID($openid_url, $user_id) { - DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))." AND user_id = '$user_id'"); + DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url)). + " AND user_id = ".DB_quote_smart($user_id)); } function DB_DetachOpenIDsByUser($user_id) { - DB_query("DELETE FROM user_openids WHERE user_id = '$user_id'"); + DB_query("DELETE FROM user_openids WHERE user_id = ".DB_quote_smart($user_id)); } ?> \ No newline at end of file -- cgit v1.2.3-18-g5258