From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Sun, 28 Dec 2014 13:44:56 +0100
Subject: harden the sql queries

---
 includes/model/Room_model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'includes/model/Room_model.php')

diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php
index c48abc78..49ad0c60 100644
--- a/includes/model/Room_model.php
+++ b/includes/model/Room_model.php
@@ -18,7 +18,7 @@ function Room_ids() {
  * @param $id RID          
  */
 function Room($id) {
-  $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($id) . " AND `show` = 'Y' LIMIT 1");
+  $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y' LIMIT 1");
   if ($room_source === false)
     return false;
   if (count($room_source) > 0)
-- 
cgit v1.2.3-54-g00ecf