From c31a07d855b480f51cf77ba8dac626473a13ec40 Mon Sep 17 00:00:00 2001
From: grandeljay
Date: Sat, 28 Jan 2023 16:50:05 +0100
Subject: [PATCH] Fix sql syntax error
---
 src/api/wishlists.php | 4 ++--
 src/classes/sanitiser.php | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/api/wishlists.php b/src/api/wishlists.php
index bc4b06d2..8f3b32bc 100644
--- a/src/api/wishlists.php
+++ b/src/api/wishlists.php
@@ -177,11 +177,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
 $database
 ->query(
 'UPDATE `wishlists`
- SET `name` = :wishlist_name,
+ SET `name` = :wishlist_name
 WHERE `id` = :wishlist_id',
 array(
 'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']),
- 'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id']),
+ 'wishlist_id' => Sanitiser::getNumber($_PUT['wishlist_id']),
 )
 );
diff --git a/src/classes/sanitiser.php b/src/classes/sanitiser.php
index b2ab74b1..c8d6309d 100644
--- a/src/classes/sanitiser.php
+++ b/src/classes/sanitiser.php
@@ -9,9 +9,11 @@ class Sanitiser
 return $text;
 }
- public static function getNumber(mixed $valueToSanitise): float
+ public static function getNumber(mixed $valueToSanitise): float|int
 {
- return floatval(preg_replace('/[^0-9\.]+/', '', $valueToSanitise));
+ $number = preg_replace('/[^0-9\.]+/', '', $valueToSanitise);
+
+ return $number;
 }
 public static function getPage(mixed $valueToSanitise): string
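Review bot: The UPDATE in `src/api/wishlists.php` selects the row by `:wishlist_id` alone, and that id comes straight from `$_PUT`, so nothing visible in this hunk ties the wishlist to the requesting user. The enclosing `case` starts outside the hunk, so an ownership check may already run earlier; if it does not, any caller who can reach this endpoint can rename a wishlist that belongs to someone else. Putting the constraint in the statement itself closes that gap regardless of earlier checks, e.g. `WHERE id = :wishlist_id AND <owner_column> = :user_id` (placeholder column name), with `:user_id` bound from the session rather than from the request body. It would also help to reject the request when `$_PUT['wishlist_id']` or `$_PUT['wishlist_title']` is missing, instead of passing an undefined index to the sanitiser.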
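Review bot: `getNumber()` now returns the result of `preg_replace()` unchanged, which is a string (or `null`/an array for some inputs), while the signature promises `float|int`. An input with no digits yields `''`, which is not numeric, so the return raises a `TypeError` where the old `floatval()` returned `0.0`; under `strict_types=1` (not visible here) every call would fail. Since this value is now bound as `:wishlist_id`, malformed ids turn into an unhandled error instead of a clean rejection. Convert before returning, e.g. `return is_numeric($number) ? $number + 0 : 0;`, and for ids consider validating with `filter_var($valueToSanitise, FILTER_VALIDATE_INT)` and refusing the request on failure rather than stripping characters until something numeric remains.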