harden the sql queries

author: Philip Häusler <msquare@notrademark.de> 2014-12-28 13:44:56 +0100
committer: Philip Häusler <msquare@notrademark.de> 2014-12-28 13:44:56 +0100
commit: 6bede2fd229395f34c321a37efa2ea93e7b1a7ba (patch)
tree: a20c74d5bdddae9e1ec9a988e1ba468371a4a995 /includes/model/Room_model.php
parent: a6ab81b834fe91b0f0704a7db33e377c8dc63a23 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php
index c48abc78..49ad0c60 100644
--- a/includes/model/Room_model.php
+++ b/includes/model/Room_model.php
@@ -18,7 +18,7 @@ function Room_ids() {
  * @param $id RID          
  */
 function Room($id) {
-  $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($id) . " AND `show` = 'Y' LIMIT 1");
+  $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y' LIMIT 1");
   if ($room_source === false)
     return false;
   if (count($room_source) > 0)
author	Philip Häusler <msquare@notrademark.de>	2014-12-28 13:44:56 +0100
committer	Philip Häusler <msquare@notrademark.de>	2014-12-28 13:44:56 +0100
commit	6bede2fd229395f34c321a37efa2ea93e7b1a7ba (patch)
tree	a20c74d5bdddae9e1ec9a988e1ba468371a4a995 /includes/model/Room_model.php
parent	a6ab81b834fe91b0f0704a7db33e377c8dc63a23 (diff)