Fix sql syntax error

grandeljay 2023-01-28 16:50:05 +01:00
parent 3414e6c51e
commit c31a07d855
2 changed files with 6 additions and 4 deletions


@ -177,11 +177,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database $database
->query( ->query(
'UPDATE `wishlists` 'UPDATE `wishlists`
SET `name` = :wishlist_name, SET `name` = :wishlist_name
WHERE `id` = :wishlist_id', WHERE `id` = :wishlist_id',
array( array(
'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']), 'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']),
'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id']), 'wishlist_id' => Sanitiser::getNumber($_PUT['wishlist_id']),
) )
); );
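Review bot: The `UPDATE` is keyed only on the `wishlist_id` read from `$_PUT`, and nothing visible in this hunk ties that id to the signed-in user, so any caller who reaches this branch could rename a wishlist they do not own. The enclosing `switch` case starts above the hunk, so an ownership check may already exist there; if it does not, add an owner condition to the statement, for example `AND <owner_column> = :user_id` (placeholder column name), bound from the session rather than from the request. The values are bound as parameters, which is right; the missing piece is authorisation, not escaping.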


@ -9,9 +9,11 @@ class Sanitiser
return $text; return $text;
} }
public static function getNumber(mixed $valueToSanitise): float public static function getNumber(mixed $valueToSanitise): float|int
{ {
return floatval(preg_replace('/[^0-9\.]+/', '', $valueToSanitise)); $number = preg_replace('/[^0-9\.]+/', '', $valueToSanitise);
return $number;
} }
public static function getPage(mixed $valueToSanitise): string public static function getPage(mixed $valueToSanitise): string
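Review bot: The new `getNumber` body returns the string produced by `preg_replace()` under a `float|int` return type, so the result now depends on implicit coercion instead of the explicit `floatval()` it replaces. An input with no digits yields `''`, which is not a numeric string and raises a `TypeError`, a `null` from a failed `preg_replace()` does the same, and if the file declares `strict_types` every call throws; values such as `1.2.3` also pass the filter unchanged. Convert explicitly before returning, e.g. `return is_numeric($number) ? $number + 0 : 0;`, or throw on invalid input, which suits identifiers such as `wishlist_id` better than silently stripping characters. The `Sanitiser` class continues outside the hunk, so other callers of `getNumber` that expected a float are not visible here.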