X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=rss.php;h=e6db2875d531c3fbf08dab4485a6d608a4b7f9bc;hp=a6e5d1b90e42c4487563d066b7228ed224cae50e;hb=ef0fd1178c4f9e5bea92dac7d02a12ce0d523547;hpb=46140faa11b97252647178a811da22509256d6c4

diff --git a/rss.php b/rss.php
index a6e5d1b..e6db287 100644
--- a/rss.php
+++ b/rss.php
@@ -100,8 +100,8 @@ echo "</author>\n\n";
 
   $result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
 		     " LEFT JOIN Game On Hand.game_id=Game.id".
-		     " WHERE Hand.user_id='$id'".
-		     " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+		     " WHERE Hand.user_id=".DB_quote_smart($id).
+		     " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
 		     " AND ( Game.status='pre' OR Game.status='play' )".
 		     " ORDER BY Game.session" );