From 5116d22ed84db0f15a7f583bcbe243ee2cd606e1 Mon Sep 17 00:00:00 2001
From: Arun Persaud
Date: Mon, 25 Feb 2013 22:04:21 -0800
Subject: mysql optimization: don't quote integers as strings in WHERE

---
 rss.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'rss.php')

diff --git a/rss.php b/rss.php
index a6e5d1b..e6db287 100644
--- a/rss.php
+++ b/rss.php
@@ -100,8 +100,8 @@ echo "\n\n";
 $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
 " LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
 " AND ( Game.status='pre' OR Game.status='play' )".
 " ORDER BY Game.session" );
-- 
cgit v1.2.3-18-g5258
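Review bot: The two added lines make the safety of the `WHERE` clause depend on what `DB_quote_smart` returns for a non-numeric `$id`, and that helper's behaviour is not visible in this diff; since `Hand.user_id` and `Game.player` are being compared as integers, the intent would be guaranteed without relying on the helper by coercing once, `$id = (int) $id;`, just before the `DB_query` call and interpolating the bare integer. Where `$id` is assigned lies outside the hunk, so whether it is already validated as numeric by the time it reaches this query cannot be confirmed here. The subject line is the only place that explains why the quotes were dropped; a comment on the `$result =` line, `// integer ids are deliberately unquoted so MySQL compares them as numbers (see commit message)`, would keep that reasoning next to the query for the next person who is tempted to put the quotes back.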